SPECIAL REPORT: SECURITY

You hate to talk about security, but you worry about it—with good reason. Here’s how to worry more productively.
Features

Special Report: Security

All Bark, No Bite 80
INTRODUCTION Knowing that there is no such thing as a secure environment is the first step toward truly understanding the discipline of security.

Someone to Watch Over You 82
STRATEGY A single sentinel in charge of security, both physical and digital, makes sense for this company. Does it make sense for yours? By Tracy Mayor

Conspiracy of Silence 92
ATTITUDES You can’t ignore them or avoid them, so you might as well face the security threats to your company’s digital crown jewels. By Angela Genusa

12 Keys for Locking Up Tight 98
RISK MANAGEMENT There is a formula to keep your company safe. Do you have all the right elements? By Angela Genusa

Stamps of Approval 104
CERTIFICATION Getting a third party to vouch for your security is good for your company’s image. How much you can trust it is another matter. By Eric Berkman

IT Autopsy 114
FORENSICS No longer an obscure component of network security, computer forensics has blossomed into a science all its own. By Matt Villano

Mudge Ado About Security 126
VIEWPOINT Think you can just buy an off-the-rack firewall and rest easy? Think again. By Mudge

The Right Chemistry 132
E-COMMERCE STRATEGIES Envera provides an electronic link between chemical companies and their customers. Sounds simple, but why should the XML-based platform succeed where EDI failed? By Lauren Gibbons Paul
Photo: Bob Mooney, president of Envera (page 132)

Your Tax Dollars at Work? 144
E-GOVERNMENT Federal agency CIOs could save you billions through supply chain automation. They don’t. By Rebecca Lynch
turers and distributors. Read this article to learn how to create an effective supply chain and whether investing in

mented rapidly, pressures mount from expectant users, and the solutions vendors fly about your head like gnats.”

-A reader responding to Sound Off, “What Makes Your Job So Tough?” comment.cio.com/sound.cfm?ID=83

14 CIO MARCH 1, 2001 • www.cio.com


From the Editor

lundberg@cio.com

What Are You Afraid Of?

When a convenience store is robbed, the clerk calls the cops, gives a description of the crooks, and the cops go on the hunt. If the information and the police work are good enough, the cops will catch the perpetrators before another convenience store gets hit. That’s the way law enforcement works.

So why doesn’t this kind of information sharing happen when it comes to computer crime?

Fear. Executives are afraid they’ll:

Become a target. If they say they’ve been hacked or have concerns of being hacked, they show their vulnerability. Like wounded cubs on the Serengeti Plain, the hyenas will move in to finish them off.

Become a challenge. If, on the other hand, they say their systems are secure, it’s like throwing down the gauntlet to hackers. “Either way, it [sets] us up as a target and a challenge for hackers,” says an anonymous CIO in “Conspiracy of Silence,” beginning on Page 92.

Damage confidence (and revenue and valuation). If news leaks out to customers, it could hurt their confidence in the company. Investors might downgrade the company’s stock. Even sharing the information within the inner circle could trigger a negative reaction among shareholders.

These are serious concerns. But letting them drive behavior may be giving the bad guys the upper hand.

“Hackers share information,” said computer crime fighter Gail Thackeray at a CIO Perspectives Conference in October 2000. “We don’t. We need to share information between industry and law enforcement.”

Bruce Schneier, author of Secrets & Lies: Digital Security in a Networked World, agrees. “We need to publicly understand why systems fail. Secrecy only aids the attackers.”

Until corporations start sharing information with each other and with law enforcement about what’s actually going on, the bad guys will keep the upper hand. And I’ve got news for you: The real bad guys haven’t even arrived on the scene yet.

The recent move by Microsoft, Oracle, Cisco and others to form a security coalition is a promising step in the right direction, following the lead of three other industries (banking, telecom and electric) to share information within their community. But these coalitions are under no obligation to share information with law enforcement (and vice versa), and there are no early signs that they’ll be inclined to do so.

The FBI has plans of its own, rolling out its Infragard intrusion alert program on a national level (for more on this, see Martha Heller’s Sound Off column at comment.cio.com/sound.cfm?ID=85).

Industry-only information sharing is fine if all you want to do is shore up your defenses. But once the real criminals and terrorists start working the Internet in an organized way (and it won’t be long), don’t you think you’ll want to have the crime fighters in the loop? Let me know at lundberg@cio.com.


InBox

Reader Feedback

WOMEN IN TECHNOLOGY, REVISITED

About “The Forgotten Majority” [Difference Engine, Nov. 1, 2000]: I am a woman who loves technology. I was lucky enough to have a mom who worked as an administrative assistant at a computer company. She got us a deal on an Eagle PC when I was about 11 years old. My dad, being an engineer, figured everything out. But then, seeing that I was attracted to some of the games that were on the computer, he showed me how to use it. I got a four-year degree in marketing, decided I didn't want to do sales, and went back to school for computer programming. I’m about halfway through with my associate’s degree and have a straight-A average.

I think a major reason many women don’t like technology is because they perceive it as geeky and as something that keeps them from being in contact with other people. In contrast, I constantly e-mail my friends and have met many people through chat rooms, Web rings and Listservs. Also, some women I’ve talked to say they don’t want to be chained to a desk using a computer all day. I’ve been temping for two years now and have yet to find an administrative position (one of the “traditional” female office jobs) where I’m not sitting at a desk all day and using a computer for something.

Technology is wonderful, but it has to be perceived as wonderful. That is one of the problems. Today’s culture says that you have to be “cool.” Until we can get teenage girls and young women to look at technology as being cool instead of nerdy, they aren’t going to be enthusiastic about it.

Emily M. Hanson
Maple Grove, Minn.
emily.m.hanson@usa.net

Up until I read “The Forgotten Majority,” I believed the terms women and technology were a dichotomy of the worst extremes. I want so very much to learn about computers but have often felt intimidated by the terminology, the austere look of technological inventions and even the colors. I was excited when Apple came out with computers in different colors, and I thought their flowing shape was beautiful. At the time, I thought that Apple had a winner and was finally trying to appeal to a broader base, kind of like Saturn had done with cars.

I find myself secretly wishing that I could work for a company that appealed to women—to me. Everywhere you look, it’s a man’s world and women are trying to fit in, as if somehow we don’t belong unless we see things their way; and we can’t succeed unless we dress like them and think like them. It’s very discouraging, to say the least.

So my hat is completely off and flying in the air in respect for Janese Swanson of Girl Tech for having the courage, foresight and intelligence to go into an intimidating business first of all, and then for having the guts, personal intuition and belief in herself to pursue the impossible: bringing women into the 21st century and giving them elegant and feminine IT choices. God bless her!

Cindy Bresaw
Nationwide Insurance
Canton, Ohio
jason77@sssnet.com

THE FUTURE OF ONLINE SHOPPING IS NOT YET

The Nov. 1, 2000, Reality Bytes column [“Not Clicking”] made some good points about the flaws in online shopping. As a person who hates shopping of any kind but has to try on everything I hope to wear, I would like to do my (infrequent) clothes shopping online, but I don’t see it happening. On the other hand, I am happy to buy things online like books and tools that don’t come in sizes. I don’t check things out in stores and then go looking for bargains online. (I also don’t drive across town to save a dime on a gallon of gas, which drives my wife crazy.)

In the (not too) long run, my guess is that you will see lockable boxes popping up in front yards around the country. I don’t see another answer (although given my lack of vision, that may not be the last word on the subject).

As a resident of a California town that has had some success at retaining and improving its downtown area, I have some concerns about the (inevitable) increase in online shopping,
but  the  town  has  withstood  the  big 
boxes  and  drive-thrus  reasonably  well 
(although  we  do  have  a  nasty  old  chain 
bookstore  that  drove  out  a  couple  of 
local  bookstores).  I  don’t  think  this 
evolution/revolution  has  even  gotten 
started.  My  long-term  prediction  is 
that  many  players  will  fall  out  of  both 
markets  (online  and  in-person). 

Bob  Dignan 
California  Polytechnic  State  University 
San  Luis  Obispo,  Calif. 
bdignan@calpoly.  edu 


SUPPORT IS THE REAL ISSUE

Because I have been studying this subject for some time and sensed a kindred spirit, I read Eric K. Clemons’s Expert Advice column [“The Build/Buy Battle,” Dec. 1, 2000] with great anticipation. I was too hasty. His subject is not, as the title suggests, “build versus buy,” but rather “build versus have built.” Clemons capably and comprehensively describes the pros and cons of outsourcing, but I found little new information.

The real challenge today is evaluating the advantages and disadvantages of buying prebuilt, off-the-shelf technology solutions as opposed to building them in-house. Should I ask my team of developers to build an electronic spreadsheet, or should I buy one? Seems like a silly question today, but it wasn’t that long ago when this was a real question. The issues involved in the decision range from properly assessing technological acumen to managing HR (knowledge base/skill set) change. But the most important decision factor, overlooked in the column, is that of postproduction support. Whether systems are built internally or externally or simply bought off the shelf is really insignificant compared to what it will take to adequately support them after they are installed.

Jake Hoffman
IT Policy Adviser
Idaho Tax Commission
Boise, Idaho
jhoffman@tax.state.id.us

E-MAIL TIPS

Communications—e-mail or otherwise—can easily have unintended consequences.

I found “The Evils of E-Mail” [Difference Engine, Dec. 1, 2000] to be timely, on target and useful. While I agree that there are indeed perils to be found in the use of e-mail, it may be as much the technology as its use that causes at least some of the problems. Sure, I agree that e-mail’s anonymity, particularly between parties who don’t know one another, has a high risk of being abused. On the other hand, in the case of the author’s example when he typed, “You see, it’s more complicated than that,” and his friend found that pompous, I suggest that his friend would have found it equally as pompous had the author said it face-to-face or over the phone. As it is, the experience remains an example of how carefully communications — whether e-mail or otherwise — must be crafted and how easily they can have unintended consequences.

I appreciated some of the column’s suggestions for helping to make e-mail better. I have found two techniques that help me use the medium in a more productive manner: First, I express my emotions, then delete them. Second, I assume my e-mail will be widely distributed. Unfortunately, I have found that not all e-mail correspondents take the time to consider their messages. I regularly communicate with one colleague who is known for sending confusing and sometimes inflammatory e-mail messages. If I begin writing a response based on the emotions I feel when I first read a memo from this colleague, I usually end up deleting it because it ends up responding to the flames, not to the underlying business intent. Indeed, I have found that by writing a reactionary paragraph to get through the emotions, then thinking about the business needs, I can then focus on writing content that is helpful and valuable. The only downside is remembering to delete the first paragraph before sending! But as the author suggests, reviewing e-mail messages before sending should be a standard operation.

Another technique I use to stay focused on communicating well is to assume that my e-mail will be forwarded to other parties, including my boss. This is a great incentive to remain focused on the needs of the business and avoid emotional bantering that adds no value.

Michael Kaplan
Principal Analyst
Westinghouse Savannah River Co.
Aiken, S.C.
michael.kaplan@srs.gov

CORRECTIONS

We incorrectly identified Dan McNicholl and his company in “On the Rise” in our Feb. 1, 2001, Enterprise Value Awards issue. McNicholl is GM North America’s CIO of Information System and Service, which won an honorable mention in that issue.

In that same story, we transposed the name of another honorable mention, ESAB Welding & Cutting Products.

We apologize for the errors.


WHAT DO YOU THINK?

Send your thoughts and feedback to letters@cio.com. Letters may be edited for length or clarity.


Edited by Sandy Kendall


INNOVATION

The Big Chill

By Meg Mitchell Moore

AS CONSUMERS, we all fancy ourselves inventors at one time or another. Who hasn’t uttered this question: Wouldn’t it be nice if they made a (insert the name of product) that did (insert brilliant idea)? But if the idea never meets the people who can put it into action, it simmers without ever coming to a boil.

One website is working to change that. Last fall Brightidea.com introduced the Icebox Innovation Contest. Sponsored jointly with Sears Kenmore, the contest challenged consumers to come up with ideas for refrigerators. “People who design refrigerators deal with a blank canvas,” with no input from outsiders, says Matthew Greeley, CEO of Brightidea.com, a site that invites the sharing of all sorts of ideas. If creators hear from the people who use their products, they’ll be more likely to keep their designs crisp.

Brightidea.com promoted the contest on its website, with banner ads and a marketing campaign. More than 3,500 individuals submitted over 4,000 ideas, ranging from the wacky (how about a fridge with a seat for cooling off in the summer?) to the eminently useful (let’s find a way to keep those darn leftovers from getting lost in the back). Entrants could submit drawings but none were required. Judges included a senior

Continued on Page 34


criminals too.


In Canada, 16-year-old “Mafiaboy” pleaded guilty in January to 56 charges of computer mischief. He is allegedly responsible for last year’s denial-of-service attacks on Amazon.com, Dell Computer, eBay and Yahoo, and security breaches at CNN, Harvard and Yale. He faces up to two years in juvenile detention.

Dennis Moran, the 18-year-old known as “Coolio,” pleaded guilty in January to three misdemeanor charges stemming from break-ins and defacements of the website of Internet security company RSA Security and antidrug site DARE.com. He’ll serve nine months to a year in jail and pay $5,000 restitution to each victim.

Feeling insecure? For more coverage of security matters, see Trendlines on Pages 40 and 44, and our special section starting on Page 80.


“Your CEO’s handheld is a pollination device for malicious mobile code.”
-Mudge, vice president of research & development, @Stake, speaking at the Internet Security Forum sponsored by CIO and Darwin magazines and the U.S. Critical Infrastructure Assurance Office


32 CIO MARCH 1, 2001 • www.cio.com


The Big Chill

Continued from Page 32
product designer at Sears Kenmore, Greeley and one of the cosponsoring sites. The first-place winner, an entrant from Birmingham, U.K., received $2,000 in cold cash. Second and third place received $1,000 and $500, respectively. The winning concepts become the property of Sears Kenmore — Brightidea.com can’t reveal the specifics. Sears Kenmore will also collect information about the most frequently occurring suggestions to consider them for future designs.

Brightidea.com will keep working to bring together ideas with people who can make them happen. A handheld device contest debuted in January and in the works are deals with airlines and automakers. Customers may not always be right, but Brightidea.com is banking on the fact that they’ll be creative.

Free Tibet

EVER WONDER HOW to find Nirvana? Thanks to professional photographer and website producer Peter Danford, enlightenment is now just a click away at www.tibetgame.com and is, of course, free. But that doesn’t mean it’s going to be easy!

Begin your quest in Tibet’s capital city, Lhasa, with 1,000 renminbi (Chinese dollars), three illegal photos of the Dalai Lama and no karma. As you explore Tibet via 24 interlinked panoramas, the karmometer keeps track of your progress. Danford created the fluid 360-degree panoramas using LivePicture’s PhotoVista, “stitching” together eight photographs of each scene taken at 45-degree increments with a 16 mm fish-eye lens. The final touches came from IBM Hotmedia, which turns the views into interactive playgrounds. Clickable “hot spots” offer a variety of stunning audio and visual experiences depicting Tibetan history and culture. Danford also presents political issues facing Tibet, making the site a pointed as well as lively educational tool. Rhetoric is kept at a minimum, however—the viewpoints never overshadow the views. -Amanda S. Fox


Analyzing Product Development

PRODUCT DEVELOPMENT STRATEGY can have a measurable impact on revenue growth, according to a recent survey conducted by Waltham, Mass.-based management consultancy Pittiglio Rabin Todd & McGrath’s (PRTM) Performance Measurement Group. The study surveyed 120 subscribers to PRTM’s online benchmarking service from seven industries (aerospace and defense, automotive, chemicals and applied materials, computers and electronic equipment, medical products, semiconductors, and telecommunications). Results show that companies achieving portfolio management excellence, or Stage 3 in PRTM’s product development model (see “Average Annual Revenue Growth Rate,” below), experience more than 50 percent faster revenue growth than Stage 2 companies, based on data collected from 1996 through 1999. Companies that have reached only the functional management stage lag Stage 2 companies by 33 percent in revenue growth. No companies in the study reached Stage 4.


AVERAGE ANNUAL REVENUE GROWTH RATE

Categorized by the maturity of a company’s product development practices

[Chart: average annual revenue growth rate by stage of product development maturity, on a scale from NOT ALIGNED to ALIGNED. Surviving value labels: NA, 19%, NA.]

Stage descriptions, from not aligned to aligned:

• Informal approach to project management resulting in unpredictable development cycles

• Each function develops product plans with no mechanism for aligning plans across the company

• Project Management Excellence: Cross-functional management of development process ensures a go/no-go decision at each stage of the product development and launch

• Portfolio Management Excellence: Management evaluates explicitly defined product, platform and market plans in the context of a clear business strategy

• Collaborative/Cross-Enterprise Excellence: Integrated innovation chain formed by linking processes across internal and external business partners for maximum leverage; information shared across company and selected partners


Best Practices

1 • Assess your entire product portfolio. Most companies are moving from Stage 1 to Stage 2 by focusing on customizable processes and cross-functional teams, according to Michelle Roloff, chief analyst for PRTM’s Performance Measurement Group. To get to Stage 3, Roloff says, “Companies must make decisions with the entire product portfolio in mind, not individual projects.”

2 • Use Web-enabled tools to involve everyone. Incorporating such technology will supply consistent information (like accurate rollups of resource availability and project status updates) to all parties. Top companies work to create a cross-functional decision-making process, involving all company functions (from marketing and customer service to engineering) in the product development effort.

3 • Allow for process changes. Top performers believe that product development processes continually evolve and allow for quick changes. “Design processes used to be much more rigid,” Roloff says. “Today companies should provide guidelines for product development, but leave room for customization of individual steps and tasks.”

4 • Learn from the experts. It can take one to two years for new practices to take hold in an organization. Don’t try to learn everything internally. Start by comparing your current capabilities to peer companies and by identifying gaps in performance between your company and best-in-class performers in your industry.

SOURCE: PRODUCT DEVELOPMENT BENCHMARKING SERIES, PRTM PERFORMANCE MEASUREMENT GROUP, 2000

Suggest future topics to numbers@cio.com.


Who Let the Bugs


By Lauren Capotosto

EVERY TIME YOU think you’re on top of security issues, another bug comes along to bite you. In a computer security report conducted last year by the Computer Security Institute and the San Francisco Federal Bureau of Investigations Computer Intrusion Squad, 70 percent of respondents (mostly large corporations) reported that they had experienced unauthorized use of computer systems in the past year.

To help you stay abreast of software vulnerabilities, the National Infrastructure Protection Center, a division of the FBI based in Washington, D.C., publishes CyberNotes every two weeks; the free online newsletter informs IT and security professionals of the latest bugs, holes and patches. CyberNotes details vendor or operating system, software name, potential vulnerability, identified patches, common vulnerability name, level of potential risk and exploit scripts, if known. The Dec. 4 issue, for example, indicates that for software Adcycle 0.77b, “a vulnerability exists if the installation is not completed, which could let a remote malicious user obtain the management user name/password,” a helpful tidbit for security professionals. CyberNotes compiles information from sources like @Stake, Bugtraq, eSecurityOnline.com, Microsoft Security Bulletin, Securiteam and Security Advisory. To learn more about how to track these pesky bugs, check out www.nipc.gov/cybernotes/cybernotes.htm.


Think Like a Hacker

IF YOU WANT to beat the attackers, you’ve got to think like a hacker. That’s the premise of computer security company Foundstone’s four-day Ultimate Hacking course. Using Foundstone’s self-contained network to hack into simulated systems, class participants learn the vulnerabilities of their own systems through the eyes of an attacker. This perspective reveals a new world of weaknesses, says George Kurtz, CEO of the Irvine, Calif.-based company. “We’ve actually had people run out in the middle of class to call their system administrator to make some changes on the fly,” he says. But mostly they’re riveted to their seats by topics like footprinting, Unix security, protecting Windows, and firewalls and other esoteric techniques, all covered in the $3,500 class.

Steve Peters, a senior security engineer in Herndon, Va., for the Chicago-based Marchfirst, a global professional services company, took the course last November because he was looking for ways to protect his company from cybersabotage. “The course gives you the ability to keep ahead. I was definitely able to make changes and recognize different avenues that malicious people could take if they wanted to break into the network,” he says.

To ensure that students use this newfound knowledge for good, Foundstone requires them to sign legal forms indicating they will use the techniques only for internal purposes. A signed piece of paper is not going to stop a hacker bent on mischief, although the price tag of the course might. -Lauren Capotosto


“The typical virus writer is a 15- to 24-year-old male. They call themselves Dark Avenger and Nowhere Man because there’s something missing in their lives. They grow up, go to university, meet girls, and they stop writing viruses.”

-Graham Cluley, senior technical consultant, Sophos


WORKFORCE


Dangers  @Home 


By  Brion  O’Connor 

OUT  OF  SIGHT,  out  of  mind?  Not  a 
wise  approach  for  company  managers 
with  employees  working  on  the  road  or 
from  home.  While  great  strides  have  been 
made  in  creating  a  safer  office  environ¬ 
ment — from  ergonomically  correct  chairs 
and  keyboards  to  eye-friendly  computer 
monitors — the  trend  toward  four-wheeled 
home  offices  is  offering  a  whole  new  fron¬ 
tier  for  workplace  injury  and  ailment. 

''‘'Office  is  a  kind  of  loose  term  these 
days,”  says  Wayne  Maynard,  product  di¬ 
rector  for  ergonomics  for  Liberty  Mutual 
Research  Center  for  Safety  and  Health  in 
Hopkinton,  Mass.  “People  don’t  have  to 
be  in  a  cubicle  or  in  one  place  to  do  busi¬ 
ness  anymore.  So  we’re  also  talking  about 
different  types  of  [workplace]  hazards — 
vehicles,  cell  phones,  digital  wireless  tech¬ 
nology,  laptop  computers.  For  example, 
you  hear  of  people  working  on  comput¬ 
ers  while  they’re  driving.” 

In  this  brave  new  world  of  high-tech 
communications,  companies  are  eager  to 
take  advantage  of  the  flexibility  provided 
by  equipment  that  gives  employees  more 
mobility.  But  how  can  businesses  manage 
the  safety  of  people  they  don’t  see? 

The  challenge  for  companies  is  to  rec¬ 
ognize  hazards,  enhance  safety  programs 
to  include  offsite  employees,  budget  for 
safety  accessories  and  develop  strategies 
to  make  sure  employees  work  safely  with 
the  equipment  provided.  Technology  that 
takes  workers  away  from  the  office  will 
continue  to  develop.  “That’s  going  to  make 
managing  safety,  and  managing  and  assess¬ 
ing  risk  more  difficult,”  Maynard  says. 

But a company’s obligation to ensure safety remains. Managers must now consider a variety of assessment tools to help satellite employees create a safer work environment, from websites providing self-assessment questionnaires and guidelines to training programs, such as videos.

Maynard adds that many high-tech companies have employees working at a client’s offices, which raises other legal concerns. Officials with the Department of Labor’s Occupational Safety and Health Administration (OSHA) raised eyebrows last year when, asked for a ruling by a Texas credit company, they determined that organizations are liable for their at-home workforce. However, OSHA officials have since revised that ruling and adopted a formal policy not to inspect individual homes. Since worker’s compensation claims fall under state guidelines, managers must be aware of the applicable state laws.

For information on ergonomics in the traditional office, on the road or at home, contact the National Institute for Occupational Safety and Health at 800 356-4674, or visit the OSHA website at www.osha-slc.gov/ergonomics-standard/index.html.


Upcoming  Events 

INTERNET SECURITY POLICY FORUM: MARCH 22, 2001 In partnership with the U.S. Department of Commerce’s Critical Infrastructure Assurance Office (CIAO), CIO and sister publication Darwin will host this forum at the U.S. Chamber of Commerce in Washington, D.C. It will focus on information assurance risks facing the business community today, as well as international and domestic solutions. Harvard Law Professor Arthur Miller will moderate a discussion among congressional leaders, security experts and business executives. CIO magazine Editor in Chief Abbie Lundberg will also participate. For more information, visit www.cio.com/webcast.

GLOBAL INFOSEC 2001: MARCH 30, 2001 The United Nations’ Working Group on Informatics, the U.N. IT Task Force and AIT Global will present this conference on information security and e-commerce. It will cover encryption, security measures and procedures, antivirus and anti-hacker measures, webpage protection and interception capabilities and countermeasures. It will be held in the U.N. Conference Center in New York City. For more information, contact AIT Global at 631 269-6713.


“GOOD JUDGMENT COMES FROM EXPERIENCE. UNFORTUNATELY, THE EXPERIENCE USUALLY COMES FROM BAD JUDGMENT.” -Anonymous
Pizi Moves to Level 8

WHEN HE STARTED at Merrill Lynch as a programmer/analyst in 1983, Anthony Pizi actually took a pay cut. He’d been in mining engineering but thought software engineering was the wave of the future — even if he did have to settle for a $22,500 starting salary. Seventeen years later, having worked his way up to CTO of the company’s Private Client Architecture Group, Pizi laughs and says, “I think I made the right decision.”

Now he’s made another. As of Jan. 1, Pizi joins Level 8, a Cary, N.C.-based e-business software vendor, as chairman and CTO. Pizi will provide strategic direction for all of the company’s products, as well as offer direction on the creation of new products and services. “Hopefully, I won’t be involved in day-to-day operations,” Pizi says. “At Merrill Lynch, there were 850 people in the [IT] organization, and it seemed like I just moved from situation to situation. I did not see the strategic elements [of the job].” At Level 8, the bulk of Pizi’s job will be strategy. “The challenge is going to be execution,” he says. “We have to make certain we have good technology staff and partnerships. We’re going to be selective about who we partner with.”

Reflecting  on  his  17-year  career  at 
Merrill  Lynch,  Pizi  says  he’s  most  proud 
of  the  culture  he  helped  develop  in  his 
organization.  “I  think  I’m  leaving  a  legacy 
of  a  meritocracy,”  he  says.  “We  were 
progressive  in  the  way  we  approached 
technology  and  teaming.  The  culture  was 
diverse  and  highly  respected — and,  hey,  I 
came  up  through  the  ranks,  right?” 

Although  Level  8  is  based  in  North 
Carolina  (with  offices  in  Denmark, 
France,  Germany,  Italy,  Sweden  and  the 
United  Kingdom),  Pizi  will  operate  out  of 
a  New  Jersey  office. 




Player’s  Guide 

Robin  Alston  Vertac  Corp. 

Alston  has  joined  Boston-based  Vertac  as  CTO  for  the  marketplace  service  provider.  Alston  will  refine  and  drive 
the  technology  behind  the  company’s  Marketspeed  Solution  product,  which  enables  target-marketing  through  an 
e-marketplace. 


Stephen C. Hassell  Newport News Shipbuilding

After almost three years as CIO at Newport News Shipbuilding, Hassell has been promoted to CIO and vice president of the Newport News, Va., shipyard. In this role, Hassell is responsible for all aspects of the yard’s IT systems, including network infrastructure and data center operations.


Henriques has joined J.A. Webster as CIO of the Sterling, Mass.-based animal-health pharmaceutical wholesale distributor. Previously, Henriques led IT at HighGround Systems in Marlborough, Mass.


Chris Moody  Aquent


Recently  named  CIO  at  Aquent,  a  Boston-based  talent  agency  for  design  and  Web  professionals,  Moody  will  develop 
new  systems  and  programs  to  make  it  easier  for  clients  and  staff  to  do  business  with  the  company. 


Dan  Wakeman  ElastomerSolutions 

ElastomerSolutions, a Horsham, Pa.-based online trading community for the elastomers industry, has named Dan Wakeman as its new CTO. A veteran IT executive, Wakeman previously served as CTO at DuPont Dow Elastomers.

Davenport  on 


Strategic Sourcing Lives!

Where’s  the  gold  in  them  thar  e-markets? 

BY  TOM  DAVENPORT 


WHEN I FIRST BEGAN to research e-commerce networks and markets with two colleagues (Jeff Brooks and Sue Cantrell) a year ago, I was not quite as bullish as they. I wasn’t as sure that e-markets would transform business-to-business relationships, or as optimistic that huge savings from purchasing efficiencies would be created. The diligent reader of this column (Joe is his name, I believe, and I’m very grateful to him) will remember that when I wrote about the topic in the April 1, 2000, issue of CIO (“Nets Upon Nets”), I was a little schizophrenic. That column was a dialogue between the skeptic and the visionary observer of e-markets, and although I said I thought the visionary won the debate, Joe might have observed that there were more skeptical than visionary paragraphs.

In  the  (much  less  important)  world  outside  of  my  own  mind, 
it  appears  that  the  skeptics  are  winning  out.  It  wasn’t  that  long 
ago  that  I  could  read  a  press  release  each  day  on  the  formation  of 
a  new  e-market;  now  I  can  read  a  daily  dose  of  negativism  in 
the  IT  and  e-commerce  press  about  these  nascent  companies. 

Certainly there was potential for these e-markets to reshape B2B commerce. They offered access to more suppliers and customers, the potential exchange of virtually all types of information, and the ability to dynamically price goods and services through mechanisms such as auctions and yield management. The development of e-market standards across entire industries offered the possibility of new communities of commerce in which it would be just as easy to transact with another company as with your own. Because there were some real advantages to independent e-markets and because the world loves to think that a bunch of e-Davids could slay the B2B Goliaths, the whole concept took wing with reporters and equity analysts. It didn’t hurt that B2B e-markets came along at about the time that business-to-consumer businesses were flagging a bit.

But we were all being a little naive about how B2B e-markets would take off. They have not taken off — at least most of them aren’t thriving, and some are beginning to die. Our data, based on a sample of 120 e-markets, suggest that
the median e-market is doing only 175 transactions a month, with a median value of $6,500 per transaction. That adds up to about $1.2 million a month passing through the market. Transaction fees are the primary means of getting paid in e-markets, and they are at best around 5 percent or so. That means that the average e-market is getting only about $60,000 a month in revenue, which will barely pay for the maintenance of the foosball table.

The big guys — that is, large companies that buy and sell
within existing markets — have moved in, even though thus far there is little booty to plunder. They have developed their own e-market consortia working with other players in their own industries. It was only natural that large companies in, say, the oil business, would want to develop their own marketplaces rather than hand over big (well, they thought they would be big, and maybe they will be eventually) transaction fees. In March, April and May of 2000, consortia e-markets were formed in the automotive, aerospace, forest products, utilities, food, airline, rail, energy, chemicals, hospitality and computer industries. If you were an independent e-market, would that lineup intimidate you? I suspect it will scare many independent e-markets into selling themselves or their services to consortia.

If  competition  from  e-market  consortia  weren’t  enough,  there 
are  three  other  factors  that  have  inhibited  e-markets’  growth. 

Integration is a huge issue in e-markets. It refers to the ability of one company to integrate its buying and selling systems with those of the e-market, or with other companies that are participating in the market. Certainly some progress has been made in the ability to connect interorganizationally; companies such as WebMethods have eased the way somewhat with integration tools. Eventually, companies will undoubtedly be able to issue purchase orders through their own enterprise systems, and have them seamlessly pass through an e-market to the enterprise system of another company. But don’t hold your breath while this is all being worked out; it will take many years.

The difficulty of implementing information and process standards. Sure, you can get a bunch of well-meaning people together from various companies in an industry, and they may all agree that a “9 millimeter stainless tube” will mean just that. Several industries — most notably the electronics industry through RosettaNet, an early e-market consortium — have already done so. But it is another matter altogether for everybody in an industry to actually implement common information and processes. That would mean reengineering an awful lot of businesses. It will be even harder for companies to agree on how to describe highly engineered or complex components. Even if these steps could be accomplished, there are undoubtedly dissidents within the organization who will say, “Why should we make all our processes and information the same as our competitors — so that we can compete only on price?” Sometimes we should listen to such dissidents.

The relationships companies have developed with their suppliers. Of course, they’re not really a problem from any other perspective; they are rather a great asset. Which is why companies don’t want to dissolve them in favor of an e-market in which they can save a few bucks by purchasing from suppliers they don’t know. My favorite example of this is Toyota, which was asked by the Big Three automakers to join Covisint, their e-market. Toyota managers asked themselves, “Should we dissolve the supplier relationships we’ve worked on for decades, which are a critical aspect of our quality, which is a critical aspect of why we’re a great car company?” They considered the issue for at least a second or two. Their response was, “OK, we’re in...for office supplies and a few nuts and bolts.” It would have made zero sense for Toyota, or any other organization with close supplier relationships for key components, to give up those relationships for a few dollars or yen saved through an e-market.

The end result of these factors is that strategic sourcing is alive and well. Companies continue to buy much of what they need and sell much of what they make to long-term trading partners with whom they have cultivated deep relationships. To be sure, many companies are developing private extranets to facilitate connections with existing partners. These private networks are similar to electronic data interchange connections, but they involve no value-added network intermediary and allow for a much broader range of information types to be transmitted. They’ll be particularly important in the next phase of interorganizational relationships, in which companies will truly collaborate, not just exchange information. The private networks do involve the Internet (albeit in a private form), but they don’t involve revolutionary change. Instead they are just another step in a long efficiency dance involving companies and the other companies with which they do business.


Tom  Davenport  is  the  director  of  the  Accenture  Institute 
for  Strategic  Change  and  a  distinguished  scholar  at 
Babson  College.  He  welcomes  reader  comments  at 
davenport@cio.com. 
Fog Cutter

Uncertain  times  pose  a  defining  test  for  any  leader 

BY  CHRISTOPHER  HOENIG 

MORE THAN A CENTURY AGO, Karl von Clausewitz, the legendary developer of Prussian military strategy, coined a phrase to describe the extraordinary leadership challenges faced by commanding generals. He called it the “fog of war.” This phrase represented a set of complex factors, including pressure for quick decisions, inadequate or distorted information, stress, anxiety and fear, the crushing impact of loss of life, and the difficulty of communication with others. Von Clausewitz observed that these factors combined to cloud the thinking and decision making of leaders at critical times.

In contemporary business and technical leadership we call this “managing through uncertainty” or “leading through change” — though no phrase matches the power of the original. Yet whatever you call it, working successfully through the fog is a defining test for any leader.

There are many different situations that can make you a leader in the fog, such as the first few months at a new job in a financially threatened company or leading a strategic response to a new competitor. When you feel your mind go fuzzy, your alternatives narrow, your creative juices dry up and your tension rise, you know you’re in the fog.

The thickest fog I’ve ever confronted is in building a new company from the ground up. Even after starting with a relatively clear concept and months or years of planning, the fog settles in the moment you actually begin. In the first three to six months, the product/service focus, business model and market analysis might change four or five times.

Whenever I have to lead through high degrees of ambiguity and uncertainty, I use an approach long tested by the Marines and fighter pilots to guide their decision making in complex, life or death, disorienting situations. It is called the OODA (pronounced “oooda”) loop: observe and orient, decide and act. I’ve used it below to organize the lessons and techniques I’ve found useful.

Observe and Orient

Observing and orienting involve getting accurate information,
multiple points of view and a frame of reference that allows you to navigate even in the midst of uncertainty. It also means developing a dynamic view of an entire situation so that you do not get stuck in static thinking or make the mistake of interpreting new situations solely in light of similar situations you’ve faced before. To effectively observe and orient, you need to:

■  Get  the  lay  of  the  land.  Understand  the  terrain,  the  players, 
the  trends  and  where  you  are  in  relationship  to  everyone  else. 
I  read  voraciously,  get  the  scoop  from  intelligent  colleagues 
and  friends,  and  listen  to  both  practitioners  and  pundits.  Using 
that  information,  I  try  to  form — and  continuously  update — a 
view  of  the  situation  that  incorporates  a  longer-term  strategic 
perspective  as  well  as  the  immediate  tactical  reality. 


■ Generate a frame of reference. Have your own mental construct that defines boundaries and points of navigation even when there appear to be none. Early on in a new business, our team developed a picture of the industry and a plan for how our business would likely evolve during the next six, 18 and 36 months. With regular updates, this served as a stable high-level frame of reference we could use to interpret all the changes taking place around us.

■ Conduct reconnaissance. Get as much meaningful information as possible, then double- and triple-check it for reliability. My CIO and I play a game every day scanning the Web for potential competitors: The person who can frighten the other one most wins. Every month or so, we find a company that makes our collective stomach sink. Then we systematically research it and process how its approach compares to ours. This always involves sending someone on a reconnaissance mission, no matter where the company is located.

■ Communicate, communicate, communicate. Keep a constant flow of communication from multiple sources and expect to be surprised and respond to last-minute changes. I encourage our board members to send us e-mails about potential partners. Employees saturate me with ideas about new approaches. My partners and I conduct daily, weekly, monthly and quarterly reviews to ensure we’re talking about all the right things all the time.

Decide  and  Act 

Deciding and acting moves from absorbing, filtering and processing information to calculating and executing both bold and incremental actions to achieve an objective. Of course, the problem with the fog of complex problem-solving environments is that objectives may frequently change. To effectively decide and act, you need to:

■ Determine your goals and objectives. Nothing accentuates the tension and anxiety of working in the fog like a lack of objectives. In running our new business, we rapidly evolved a set of objectives over several months and ended up with six strategic goals that drive all our goal setting, performance measurement, risk assessment, and organizational roles and responsibilities.

■ Have a plan and be willing to change it. Know where your opportunities and risks are likely to be. Then have victory and escape routes planned. My businesses all had plans from the beginning, but the process of changing and adjusting our thinking was as important as the plan itself. We talk weekly about how it needs to be adjusted given tactical conditions, resource availability, developing opportunities and emerging risks.

■ Develop multiple scenarios and contingencies. Make deliberate decisions. I spend time constructing worst- and best-case scenarios, but the ones I work on the hardest are “minimum required” and “maximum possible.” Minimum required means the least number of things that need to be done in order to get to our next line-of-sight result. Maximum possible adds in the known opportunities that could turn into windfalls if everything goes right. I try to zero out the risk of worst case, capture most of minimum required very early and then work systematically to increase the probabilities of getting to maximum possible or best.

■  Act  and  react.  Make  bold,  deliberate  moves.  Ulysses  S.  Grant 
attributed  his  maturity  as  a  leader  to  finally  realizing,  just  before 
one  hair-raising  battle,  that  the  other  guy  was  just  as  uncertain 
and  afraid  as  he  was.  Always  remember,  you’re  not  the  only  one 
in  the  fog.  So  work  your  own  plans,  look  for  the  other  guy 
and  make  the  bold  moves  that  will  require  others  to  respond 
to  you  and  not  vice  versa. 

When  you  find  yourself  in  a  leadership  situation  and  the 
fog  is  settling  in,  remember  the  OODA  loop.  Systematically 
work  through  its  cycles  as  best  you  can.  You  may  find  the  fog 
more  comfortable  to  work  in  and  even  clearing  up  faster  than 
you expect.


Send your own tales of leadership in the fog to leadership@cio.com.
Christopher Hoenig has been an entrepreneur, government executive
(director for information management and technology issues at the
GAO), consultant (McKinsey & Co.) and inventor, and is author of The
Problem Solving Journey: Your Guide to Making Decisions and Getting
Results (Perseus Publishing, 2000). He is now chairman and CEO of
Exolve in Washington, D.C., focusing on next-generation Web-based
problem solving.


Edited by Contributing Editor Malcolm Wheatley. Send your views and
ideas on global business to him at passport@cio.com.

Sound Systems

Luxury brands have a reputation for “fat and happy” back-office
functions. Bang & Olufsen breaks the mold. BY MALCOLM WHEATLEY


TO  BOTH  HI-FI  BUFFS  and  trendy  interior  decor 
types,  Danish  consumer  electronics  company  Bang 
&  Olufsen  needs  little  introduction.  Renowned  for 
the  technical  innovation  of  its  products  as  much  as 
for  their  starkly  modern  styling,  Bang  &  Olufsen’s 
televisions  and  hi-fi  units  (typical  price:  US$5,000) 
are  coveted  all  over  the  world. 

Such is their appeal that export sales account for more than 80
percent of the output of the company’s factory in Struer, in northern
Denmark — high even by European standards. The company exports mostly
to the rest of Europe, although even Japan has 47 stores selling Bang
& Olufsen products, a feat akin to selling refrigerators to Eskimos.

But  walk  into  a  Bang  &  Olufsen  shop,  and  it’s 
likely  that  you’ll  walk  out  empty-handed,  returning 
home  without  the  TV  or  stereo  of  your  choice.  This 
is  not  because  of  inventory  control  foul-ups  but 
because  a  growing  number  of  Bang  &  Olufsen  stores 
hold  only  display  inventory  so  that  the  company  can 
build  to  order  as  many  products  as  possible. 

This  approach  is  backed  by  systems  that  pull 


together some of the latest thinking in supply chain management and
retailing today. While other companies, such as Dell Computer (see
“Fine Line,” CIO, Feb. 1, 2000), have built electronic links between
end consumers and factories, Bang & Olufsen has pulled the dealer
into the loop too. Select and configure the model of your choice, and
it arrives five days later — a pretty neat trick, considering that
three of these days are taken up by transportation time. (This
doesn’t apply in the American market, which is served by a
well-stocked warehouse in Newark, N.J., and accounts for 5 percent of
sales.)


Building and running the systems to bring this about is the
responsibility of IT Manager Ole Damsgaard. Inevitably, he explains,
much of the focus hitherto has been on compressing the preshipment
supply chain. For example, SAP R/3-based materials requirements
planning (MRP) is run every two hours during the day, as new orders
arrive from the company’s 14 national sales offices and 2,172
retailers.

In the factory, products are built on automated assembly lines and
ergonomically efficient workstations that embrace state-of-the-art,
computer-integrated manufacturing. The objective, says Damsgaard, is
to do more than just provide information to management about which
product is where in the assembly process. Instead, the goal is real
manufacturing functionality. “Operatives scan the bar code of the TV
they are working on, then scan the component they are installing —
such as a picture tube, for example — and the system confirms that
it’s the right component for the right product,” he says.


And little is left to chance in making sure that those components
arrive on time. The same two-hourly MRP run that updates the
production schedule also outputs future component requirements to a
data warehouse from the SAS Institute of Cary, N.C. From this, a
custom-built system extracts the material requirements and posts them
on a webpage for suppliers to download into their own planning and
production systems.

The result: Although paper- and EDI-based orders still account for 65
percent of material requirements, 35 percent of requirements reach
the production lines without an order being formally generated at
all. Suppliers are given a minimum and a maximum level of inventory
that they must maintain onsite at Bang & Olufsen. Within that range,
they are free to organize their own manufacturing schedules to suit
their own capacities and constraints.

Outsourced  Development 

As the operation of the supply chain upstream from the factory gate
became slicker, attention turned to improving operations downstream.
In April 1999, Damsgaard charged a working party with fleshing out
the specifications for an Internet-based e-commerce system that would
directly link the Struer headquarters with every Bang & Olufsen
retailer around the world. There were several objectives, with
improved product configuration high on the list. Damsgaard wanted
online customers to be able to graphically configure and order valid
combinations of products that would be available in their particular
national market. “Minutes later, the system can be going into
production here at Struer,” says Damsgaard.


Changing Channels

The Pioneer: Since 1925, Bang & Olufsen has been building its
reputation for innovation and style. Today, the company’s products
are sold in 40 countries through a network of 2,172 dealers. The
company employs 2,800 people, mostly at its HQ in Struer, in
northwest Denmark, and had 1999/2000 sales of 3.72 billion Danish
kroner (approximately US$460 million).

The Challenge: Find a way to combine some of the best elements of
electronic commerce, mass-customization, computer-enhanced retailing
and automated post-sales support — without alienating the local
dealers who are critical to the company’s success.

The Solution: A multilingual Web-enabled configuration and online
ordering tool, complete with post-sales support facilities.

Coding on the system began in August 1999 in cooperation with Maersk
IT, a Web solutions and Internet technology company in the Maersk
Data Group. (Maersk Data is a subsidiary of A.P. Moller Group, one of
Denmark’s largest companies.) Their task: Link together a disparate
clutch of best-of-breed applications that included Microsoft’s SQL
Server; Baan’s e-commerce product configurator; SAP’s R/3; IBM’s DB2;
and sales administration software from Navision Software (now
NavisionDamgaard) in Denmark. “It was very, very important to us to
have one main contractor,” stresses Damsgaard.


Thirty-five  percent  of  material  requirements  reach 
Bang  &  Olufsen’s  production  lines  without  an  order 
being  formally  generated  at  all. 


66  CIO  MARCH  1,  2001  •  www.cio.com 


The system went live just four months after work began, initially on
a test basis with nine retailers in Germany, Spain and the United
Kingdom. It’s now being rolled out on a global basis — a process
Damsgaard expects to take two years. In addition to product
configuration and order-placing, the system allows retailers and
after-sales service shops to look up product information; download
manuals, handbooks and service information; order spare parts; and
perform guaranteed registration.

It’s this breadth of functionality that has imposed the two-year
rollout period, by generating a huge translation and storage task.
“It’s a language-versioned system,” explains Damsgaard, reeling off
the versions so far created: English, German, French, Spanish,
Italian, Dutch and the Scandinavian languages. Eventually, Japanese
and other language versions will be launched as well.

Indeed, the specificity of the system offers one of its biggest
boons. There’s a thriving cross-border gray market in Bang & Olufsen
products — not every product is launched in every market at the same
time (and at the same price) — and the online configurator imposes
restrictions on what can be legitimately ordered: German dealers, for
example, can’t order Danish products.

However, not every aspect of the system as originally envisaged will
see the light of day. At one point, a wireless application protocol
(WAP) link was contemplated, raising the possibility of Bang &
Olufsen dealers logging on to the system from customers’ homes. But,
as WAP’s limitations have become clearer, its appeal has diminished.
“WAP technology isn’t good enough right now,” concludes Damsgaard.
“It needs better screens and faster connections.”


London-based  Contributing  Editor  Malcolm 
Wheatley  can  be  reached  via  e-mail  at 
malcolm_wheatley@compuserve.com. 


Q&A  |  JULIA  COLLINS 

The  Kraken  Wakes 

KNOWLEDGE MANAGEMENT’S dirty little secret: However much you invest
in high-tech knowledge banks, employees in search of an answer tend
to make their first port of call the folks they know from the water
cooler.

Giant consultancy PricewaterhouseCoopers is no different, concedes
Julia Collins, its London-based head of global knowledge management.
While PWC has considerable investment in formal knowledge management
databases, the Kraken, an informal and unofficial Lotus Notes e-mail
list, has been garnering more attention lately. Named after a
mythological sea monster in a poem by Lord Tennyson, the Kraken is a
sort of global glue, sharing knowledge across national borders.

Q:  What  exactly  is  the  Kraken? 

A: It’s a discussion database — but one that works through e-mail.
It’s there every morning when you log in, and you look at it if
you’ve got time, and you don’t look at it if you haven’t. It builds
connections to people in very diverse parts of the world who do each
other favors by providing information. It doesn’t compete with our
more formal knowledge management systems; it’s more additive. The
formal knowledge management systems capture and share explicit
information — and generally information that is well documented and
formatted. With the Kraken, people ask questions; other people answer
those questions. Everybody on the mail list sees all the traffic: the
questions and responses, and the responses to those responses.

Q:  Who  uses  it?  And  for  what? 

A: About 600 people are on the list at the moment. They tend to be
reasonably senior people, usually asking quite complex questions:
“I’m trying to do this particular thing — has anyone done it?” or
“Where have we done it, and what did we encounter?” That kind of
thing. And they tend to ask those questions after they have exhausted
the easier options, especially within their own countries.
Alternative approaches to capturing knowledge, such as
post-engagement reviews, don’t really replace the need to chat
through a problem. For that, the Kraken is very good. The information
passed is more informal and context specific than the documented
knowledge that we hold in most of the databases.

Q: Was it complicated to set up?

A:  It  was  really,  really  straightforward  to  set  up.  It’s  a  simple  mail  group  under  Lotus 
Notes.  To  be  added  to  the  mail  list,  you  just  send  a  request  asking  to  be  added.  There 
wasn’t  any  prior  approval  required  to  set  it  up,  and  it  doesn’t  really  require  funding.  It 
just  works.  -M.  Wheatley 


Foreign Correspondence


| NETHERLANDS |

Power  Off 


Setting up in Amsterdam? Check with the electricity provider before
signing a lease. Nuon NV, the company providing power to the Dutch
capital, says there is a capacity shortage on the electricity
network.

“We have to double the capacity of the network in the Amsterdam
area,” says Peter Knoers, spokesman for Nuon. As a result,
IT-intensive businesses are being wait-listed before they get power.
“If a company relocates today, we can’t provide power tomorrow. The
wait will be a couple of months,” says Knoers.

Amsterdam is a growing center for Internet and telecommunications
companies, and the Netherlands’ most important Internet hub is in the
southeast of the city. Nuon, which has set up a special task force to
expand its network, aims to have the job done in three years. In the
meantime, the company is working closely with the city of Amsterdam.
“As soon as they know a company will come to Amsterdam, we are
informed. That makes it easier to plan,” Knoers says. -Joris Evers

|  HONG  KONG  | 

Digital  Evidence 

Companies  doing  business  with 
China  face  a  new  worry:  The 
Chinese  legal  system  has  yet  to 
decide  on  the  status  of  digital 
evidence.  In  Hong  Kong,  cases 
involving  digital  evidence  are 
just  beginning  to  emerge — only 
last  year  did  the  Customs  and 
Excise  Department  begin  to 
tackle  Internet  piracy  cases. 

“We have to prove to the court how we discovered the offense,” says
Vincent Poon, assistant commissioner of customs and excise. “We don’t
know if what we are doing now is acceptable to the court or not.”
Only the litigation of the cases over the next few months will tell
whether the judge will accept the evidence, he adds.

Until then, say experts like Erik Laykin, president of Online
Security, a security software company with offices in Los Angeles and
Hong Kong, it pays to be prepared. Establish procedures for storing
and indexing digital information such as e-mail messages, then write
down what those procedures are. With a standard operating procedure
laid out in front of them, judges are more likely to accept evidence
from a plaintiff or defendant. -Stephen Lawson

|  STRASBOURG  | 

Cybercrime  Plan 

Information technology industry groups are expressing concern over
provisions in a Council of Europe draft proposal for fighting
cybercrime.

The draft, which could be law later this year, calls for minimum
penalties on illegal data interception and computer system
interference, computer-related fraud and forgery. It also prohibits
the reproduction and distribution of copyright-protected material and
bans online child pornography.

One group, the World Information Technology and Services Alliance,
said in a statement that “the draft convention could impose
burdensome data preservation requirements on Internet service
providers (ISPs); make ISPs liable for third-party actions; and
restrict legitimate activities on the Internet.”

The Information Technology Association of America, of Arlington, Va.,
also has reservations, says its president, Harris Miller. Miller said
the council should slow down, build consensus and work with industry.
“It would be helpful if there was more conformity in the laws,” he
says. “Setting up best practices makes sense, but when you get down
to the nitty-gritty in this document, it gets tough.”

Several human rights and information freedom organizations —
including the American Civil Liberties Union, the United Kingdom’s
Cyber-Rights & Cyber-Liberties group, and Spain’s Kriptopolis — also
oppose the pact.

-George A. Chidi

Evers, Lawson and Chidi are correspondents for the IDG News Service,
a sister company of CIO's publisher, CXO Media.


world wire

Strange but true: According to accident statistics, traveling by road
is more dangerous in the UNITED STATES than it is in FRANCE, MEXICO,
NEW ZEALAND and YEMEN.
WORLDVIEW | ROBERT HELLER

Connect  the  Dots 

No  matter  how  well  a  CIO  wires  a  global  enterprise,  a  top-down 
management  style  will  keep  it  slow  and  inefficient 


IT’S A WIRED WORLD. But is it a connected one? The distinction is
crucial, and in the rush toward globalization, American corporations
are in danger of mistaking one for the other.

The problem comes not with technology but with the organization the
technology is supposed to knit together. The typical model:
international divisions with well-sited regional offices managed by a
combination of hardened expatriates and nationals.

These executives’ titles say it all: a London-based vice president of
marketing, EMEA; a Hong Kong-based vice president of technology,
AsiaPac. Both, of course, with a reporting structure back to
Burlingame, Calif., or wherever headquarters happens to be (and where
any decisions of note take place).

It’s a cumbersome way of constructing an organization, particularly
when, as now, competitive pressures require decisions to be made
faster and more frequently. The usual response is to throw technology
at the problem: a comprehensive and advanced technology
infrastructure to animate the skeleton. But this just disguises the
symptoms rather than effecting a cure.

The pyramid is not the right structure for today’s global business. A
better model is to think of the organization as a network held
together by information flows. Instead of paying lip service to the
world outside the domestic economy, executives should be reshaping
the corporation as a seamless web designed to take full advantage of
all its global opportunities.

Today’s business era differs markedly from the epoch of the
multinationals. Originally these were little more than large American
corporations with overseas affiliates primarily in Europe, some (like
Ford or what is now Exxon Mobil Corp.) of considerable antiquity. The
Americans have been joined in increasing force by foreign
corporations, mainly Europeans and Japanese (like Honda and
Daimler-Benz in autos). But that hasn’t greatly altered the picture:
The country of origin leads, and everybody else follows.

You couldn’t ask for a stronger, or worse, example than
DaimlerChrysler AG. Chrysler may have been worse managed than its
publicity suggested. But management deteriorated sharply after the
heavy-handed intrusion of supreme power from Stuttgart. The
replacement of American top managers by Germans showed that Daimler’s
massive investment in information and communications technology, with
duplicate electronic “war rooms” in the United States and Germany,
was intended not to equalize management but to exercise the parent’s
will.

This parental superiority mirrors the hierarchies that still persist
in the great majority of corporations. Head office dominates, and the
subordinate tiers of management supposedly follow its top-down
instructions. But the ongoing revolution in technology threatens this
unequal and increasingly ineffective distribution of power. Now
managers all the way down, acting in real-time, can share vital
corporate information, feed in data, contribute and debate ideas,
connect across internal boundaries — and stop acting as mere relays.

In  theory,  each  subordinate  does  exactly 
what  his  superior  expects  with  exactly  the 
demanded and promised results. In reality, not only are both the management process and its outcomes far messier, but subordinate managers usurp power simply by doing their jobs. Intel Corp. Chairman Andy Grove, the exceptionally powerful leader of an exceptional global exemplar, has observed how middle managers, making tactical production and marketing decisions in the real world and reacting to local pressures from customers and business economics, significantly alter the strategic stance of the corporation.

But this ad hoc exercise of power is a far cry from the deliberate involvement of managers in a fully wired-up and wised-up corporation — Cisco Systems is among the most publicized current examples. Benefits such as a totally wired supply chain and customer support processes contribute enormously to Cisco’s operational efficiency and effectiveness. But the managerial consequences are equally momentous.

After years of hard work on its financial reporting, Cisco can now close its books every 24 hours. That ability is less valuable in itself than for what it entails: a corporatewide digital nervous system that can supply accurate and timely data to everybody who needs it. Cisco CEO John Chambers claims that he and his CFO have been enabled to offload 50 to 100 decisions that they would otherwise have made personally every quarter.

Knowledge shared in real-time is the essential element of the ultimate in communication: “next desk” accessibility. In physical space, work is enhanced by being able to talk with an adjacent colleague, pass notes, share files, even make signals. Now, thanks to technology, this ideal can be replicated across the globe. Yet would-be global businesses are still far from exploiting the organizational implications of this next-desk potential.

Globalization is much more than worldwide sourcing of procurement, shared marketing platforms and integrated operation of centers of excellence. The ideal is to make the entire corporation a global center of excellence, in which each part contributes equally and on equal terms to the whole. And equality of information is indispensable to that ideal.

Dangerous delays will follow if you do not resolve the inherent conflict between democracy of information and communications, and autocracy of command and control. The conflict has to be resolved in favor of democracy. Major competitive advantage is at stake. It will be won inevitably — and perhaps permanently — by corporations that invest in the fastest, fullest and most accurate exchange of information, and that demand and get the most effective cooperation and collaboration between corporate units.

The basic proposition of this idea is that many minds working together are more powerful than one brain, however intelligent, working alone. Link minds over the system, and you’ll exploit the inexorable force of Metcalfe’s Law, which holds that the utility of a network equals the square of its number of users. Curiously, although Intel’s Grove agrees with this proposition, he denies that the advance of technology has greatly altered management.

“Things have changed,” Grove said in an interview published in BusinessWeek in August 2000. “But the left brain [the technology side] says they should be galloping. The right brain [a manager’s brain] says there have only been slow, gradual changes in the way we operate organizations.” That’s solely because the managerial right has been lagging markedly behind the left and behind the pace of change.

The nearer corporate information flows come to this next-desk ubiquity, the more power will flow from the center to the periphery — both hierarchically and geographically. Very few companies make anything like full use of the rich new resources that are created by geographic expansion. The outposts, whether the company thinks of itself as global or multinational, are treated primarily as captive outlets for the parent’s goods and services.

Act on a next-desk philosophy, however, and the focus shifts from head office to optimizing collective performance through optimal contribution (of ideas as much as profits) from all units, which you manage as a collective. The time is overdue for CIOs to take the initiative and draw up blueprints, working with CEOs and other key functions, for the globally networked, incessantly interactive and entirely interdependent business. The plans will be needed sooner than most managers think — and in this context, being first is halfway to being best.

U.K.-based  Robert  Heller  has  been  writing  about 
global  business  and  technology  issues  for  more 
than  30  years. 
Hotel del Coronado

San  Diego,  California 

August  12-14,  2001 

PARTNERS 

Blue  Martini  Software 
Candle  Corporation 
EDS 

Infonet  Services  Corporation 
Infosys  Technologies 
Intel  Online  Services 
Novell,  Inc. 
PeopleSoft,  Inc. 
Predictive  Systems,  Inc. 
Tivoli  Systems,  Inc. 

Tonic  Software 
Unisys  Corporation 
Verizon 

This year's CIO 100 Awards Ceremony
is  proudly  underwritten  by 

CUSTOMERS  •  EMPLOYEES  •  SUPPLIERS 

People  power  the  internet: 


The CIO 100 Symposium and Awards is an annual program held in conjunction with the CIO 100 Special Issue of CIO Magazine. The special issue and awards ceremony honors the outstanding achievements of 100 organizations for Leadership and Innovation for the Future of the Enterprise.


PRESENTERS 


Paul  Saffo,  Moderator 

Director  and 
Roy  Amara  Fellow 
Institute  for  the  Future 


Geoffrey  Moore 

Founder  and  President 
The  Chasm  Group 


John  Seely  Brown 

Chief  Scientist 
Xerox  Corporation 


Danny  Hillis 

Co-founder 
Applied  Minds 


The  2001  CIO  100  awards  will  recognize  companies  that 
have  demonstrated  innovation  in  a  number  of  areas:  by 
creating  new  products  and  services  that  offer  potentially 
significant  benefits  in  the  marketplace;  by  markedly 
refining,  redefining  and  improving  relationships  with 
outside  partners  or  customers;  or  by  creating  and  refining 
internal  processes  that  enable  them  to  stay  successful 
in  the  marketplace  or  to  take  the 
company  in  a  new  direction. 

The  Symposium  program 
explores  innovation  as  the  key  to 
future  change,  growth  and  success. 

And who better to moderate our discussions and talk to us about “Innovation in an Age of Creative Destruction” than Paul Saffo, Director of the Institute for the Future? Paul believes that technology doesn’t drive change - it merely enables change. It creates new options and opportunities that we choose to exploit. To him, it is our response to technology that drives innovation and change.

Joining Paul on the main stage will be Geoffrey Moore, Danny Hillis and John Seely Brown. At last year’s Symposium, Geoff shared some of the material that culminated in his book, Living on the Fault Line. He returns this year to discuss what lessons he’s learned as a result of his initial engagements with Fortune 2000 companies. Danny Hillis, co-founder of Applied Minds and former Vice President and Disney Fellow of the Walt Disney Company, is uniquely qualified to address “Creativity and Technology.” And nothing less than “The Transformation of Society” is the topic of choice for scientist-artist-philosopher John Seely Brown, Director of the Xerox Palo Alto Research Center.

Editor-in-Chief of CIO Magazine Abbie Lundberg and other senior editors will again be on hand to lead the Executive Mindshare Sessions, small group discussions for participants to share experiences and find solutions on key issues.

Dust off the golf clubs and the tuxedo - you’ll need both (although not at the same time!) to take advantage of the great networking opportunities we offer. Sunday we host a golf tournament at the newly redesigned championship Riverwalk Golf Course. Tuesday’s black tie bash pays tribute to this year’s CIO 100 Award Honorees during a special reception and dinner. Meet more of your fellow participants at Cafe 100 gatherings and hospitality events hosted by our corporate Partners.

And,  we’ll  always  have  a  few  surprises  in  store 
for  you.  Visit  our  Web  site  to  register  now,  or  to  check 
the  current  Agenda  from  time  to  time  for  new  presenters, 
sessions  and  activities. 


The  Famous  Hotel 
del  Coronado 

Recognized as a one-of-a-kind setting, the Hotel del Coronado offers a unique way to experience the elegance of another era, and is proud to be chosen to host the CIO 100 Symposium and Awards.


To  enroll,  CALL  800  355-0246,  visit  our  WEB  SITE  at  www.cio.com/conferences. 


SECURITY | Special Report


THAT’S  THE  SAD  TRUTH  ABOUT  SECURITY  AT  MANY  COMPANIES. 

The  firewalls,  passwords  and  VPNs  may  look  formidable,  but 
determined  bad  guys  can  often  pick  the  locks  and  sneak  right  past 
the  guard  dogs  at  the  gate.  You  know  you  can  never  be  100  percent 
secure,  but  you  should  take  as  many  steps  as  possible  to  protect 
your  digital  assets.  Trouble  is,  the  pieces  of  the  security  puzzle 
are  constantly  moving,  multiplying  and  changing  shape.  How  are 
you  going  to  put  them  all  together?  You  know  your  business  model 
inside  and  out,  so  you’re  the  best  one  to  answer  that  question— and 
you  can  bet  it’s  going  to  be  more  involved  than  simply  hiding  behind 
a  firewall.  This  special  section  on  information  security  will  tell 
you  how  to  evaluate  and  mitigate  your  company’s  security  risk. 
First,  read  a  profile  of  Cardinal  Health’s  integrated  security  SWAT 
team.  Then  probe  the  limits  of  security  “seals  of  approval.”  Discover 
what  a  former  hacker  says  we  really  need  to  fear.  And  watch  how 
investigators  conduct  digital  autopsies  to  solve  computer  crimes. 
Now,  lock  the  door,  draw  the  shades  and  read. 
Someone to Watch Over You
A security strike force protects Cardinal Health’s digital and physical security. Could this work for you?

Conspiracy of Silence
No one’s talking out loud about security. They should be.

12 Keys for Locking Up Tight
An ounce of prevention isn't enough. Make sure you have all the right ingredients.

Stamps of Approval
Security certification gives you a seal that tells the world you’re secure. But is it a bunch of baloney?

IT Autopsy
When an attack occurs, the computer forensics specialists find the smoking gun.

Mudge Ado About Security
Mudge, a former hacker and one of the nation's foremost security experts, details the perceptions and fixations that hobble most security efforts.




PHOTOGRAPHY  BY  ETHAN  HILL 


SECURITY 


Profile 


A  single  sentinel  in  charge  of  security,  both  physical  and  digital, 
makes  sense  for  this  company.  Does  it  make  sense  for  yours? 


BY TRACY MAYOR

Reader ROI

► Learn about one organization's integrated approach to security

► Hear the pros and cons of a consolidated security effort

► Determine how you might establish your company’s security structure

A SECURITY BREACH IS ABOUT TO OCCUR at your company. Think fast. Who will slam the electronic door on a hacker without erasing evidence of the digital misdeeds? Would someone in your company have the presence of mind to activate door and badge systems, pull access files and look for other signs of a physical break-in—or would those thoughts surface days or weeks later, after it became clear that the hack was an inside job? When the time came to charge the perpetrators, would you or someone who works for you feel comfortable advising your company’s lawyers on whether or not to prosecute or settle the matter out of court (and out of the public eye)?

With its new Information Protection Team headed by former FBI supervisory special agent John Hartmann, Cardinal Health can answer “yes” to those security questions. As vice president of security for the $30 billion, Fortune 100 health-care manufacturing and distribution company with 40,000 employees worldwide, Hartmann and his small team of security specialists oversee all aspects of asset protection - including digital data, a job many people consider as being in the purview of IS.

Hartmann’s group of 15 acts like an internal SWAT team, helping Cardinal’s business units determine the value of their data, assess the extent of its risk and decide on practical security levels on a case-by-case basis. “The philosophy was to look at security in a holistic sense,” says Hartmann. “We had firewalls, and we had people with a portion of their jobs related to security, but there was no dedicated team to address the big-picture aspects of protection.”

This global view of physical and digital security helps Dublin, Ohio-based Cardinal maintain a clear minimum level of security throughout the company. It also helps identify when actions in one division could compromise security. If the worst-case scenario should occur, it ensures the company is ready to respond and defend its assets in both the physical and virtual worlds.

While those goals sound sufficiently well intentioned, are you willing to give up corporate real estate or entrust the safety of your business-critical digital assets to someone in a separate security division? If your gut answer is no, you may need to sleep on this one. Security industry watchers and some analysts say an independent, elevated security function is fast becoming a requirement for companies that need to protect their digital assets on several fronts.

At  Cardinal,  Hartmann  receives  full  and 
enthusiastic  support  from  Kathy  Brittain 
White,  CIO  and  executive  vice  president, 
and  Tony  Rucci,  the  executive  vice  president 
and  chief  administrative  officer.  The  bottom 
line?  You  could  well  be  looking  at  your  next 
organizational  structure. 

Get  Physical 

When Hartmann joined Cardinal Health in October 1998, the company was in hypergrowth mode. Hartmann was brought in to keep on top of its mushrooming need for plant security, theft and tampering prevention, and the other precautions typically addressed by security officers.

Then-COO John C. Kane, who has since retired, was concerned that Cardinal was expanding so fast that it was in danger of outgrowing its security function, says Hartmann. “The original plan was to keep up with the physical security — cameras, gates and access control — and tackle the larger things that don’t necessarily always get done like crisis management, risk assessment and investigations into theft loss and product tampering.” One of those things was protecting proprietary information, which is Hartmann’s specialty. In his last position with the bureau, he investigated trade-secret thefts, hacking and other types of corporate information loss.

Hartmann spent his first six months surveying internal operations and gathering security benchmark data from contacts he had made during his tenure at the FBI. After asking individual business units in Cardinal to spell out their security procedures and concerns, he concluded the company sorely needed an information protection policy to serve as a baseline for security practices.

“The individual business units lacked a global view,” says Hartmann. Some groups, typically those with sensitive data, were very competent regarding their security practices, but other groups were not. “One unit may not have assets that are as high on the risk scale as another’s, but their actions on a large, decentralized network affect everyone. People don’t always realize the implications their actions can have outside of a centralized IT function. All it takes is one box connected [improperly] to the Internet.”


Hartmann called his A-list of corporate
contacts  from  his  FBI  days  and  asked  them 
to  offer  their  best  practices  regarding  security. 

Hartmann’s best practices contacts all worked in companies with a security team reporting to IS or on equal footing with IS. “Companies with information protection outside had increased objectivity and investigative skills, and knowledge that doesn’t normally reside in IT.” For example, he says, traditional security officers often have some kind of investigative training, a skill IS workers rarely possess.

Armed with those observations, his discoveries about Cardinal’s business units and his previous experience in proprietary data protection, Hartmann pitched the idea that physical and information security should be combined into one functional unit of responsibility (the plan was formally adopted in the spring of 2000).

“The door was open for me to do what I had to do to show the company where I thought we should be,” Hartmann says. “Cardinal is a company that creates and utilizes a vast amount of proprietary information. We do a lot of R&D, we have a lot of self-manufactured products and vast amounts of customer information, patient data and pricing information. All of that is critical to our business.” Without policies, practices and review processes to address both physical and electronic vulnerabilities, he argues, the company would be hard-pressed to protect those assets.

Cardinal wins points for merging physical and digital security from Forrester Research’s Senior Analyst Frank Prince, who says integrated security makes sense for many companies and is a must for those involved in e-business. IS brings its obvious expertise in network intrusions, and traditional security personnel have more experience in areas like forensics and civil and criminal lawsuits.

Cardinal has already had experience with such malicious intent. Like all security executives, Hartmann is reluctant to talk about breaches at Cardinal, but he acknowledges that two former employees were scheduled to go on trial in March 2001 for theft of trade secrets. Hartmann is slated to testify in the case and can only say that the incident was a combination of digital and physical (an electronic plus hard-copy) theft, the investigation happened under his watch, and he recommended to senior executives that the company press charges. “The message we want to send is that Cardinal takes information protection and security very seriously and will go to all means to protect that information,” he says.

To  Assist  and  Advise 

Hartmann’s group is charged with four primary responsibilities:

■ Developing and updating security policies that are understood and agreed on by business unit leaders and effectively communicated and enforced throughout the organization

■ Conducting vulnerability assessments of networks and systems, as well as filing cabinets, desk drawers and any place where security breaches might occur, whether digital or physical

■ Collaborating projects

■ Detecting intrusions and coordinating emergency response when a security breach occurs or a cataclysmic event hits the company


In other words, Hartmann’s team talks about the need for firewalls rather than installing them. “John isn’t doing password protection and firewalls. That’s our job. All the security that you need for applications is our responsibility,” says CIO White, who doesn’t feel she is losing “real estate” to Hartmann. “He covers things like patent protection that my group would never deal with. I think of what he does as an enhancement rather than giving up ground.”

White presides over a $250 million, 1,500-person operation and has responsibility for
all  IT  initiatives,  including  the  company’s 
business-critical  Cardinal.com  e-commerce 
project.  The  role  of  Hartmann’s  15-person 
team  is  “to  assist  and  advise.” 

Every Cardinal business group, including IS, is ultimately responsible for its own day-to-day operational security. Hartmann’s group provides global intrusion detection, easy access to security expertise, an enterprisewide view of data protection and if all else fails, a targeted response team trained to minimize damage and preserve evidence.

“I focus on what’s right for my area. They’re looking at the big picture for the whole company,” says Mike Beck, manager of telecommunications and technical shared services, which has called on the Information Protection Team when developing the company’s Internet infrastructure for Cardinal.com. “We go to them and get their opinion first, and we follow their guidelines in setting up our security features.”

“John has acted as a consultant to the CIO and to me to help us figure out what the state of the art should be on information protection,” says CAO Rucci. “But it’s very clear in my mind that the accountability falls with the CIO for anything and everything having to do with information security. Kathy White has full involvement and veto power over information security.”

Hartmann and White have nothing but praise for each other and their collaborative environment, and each insists that in two years they have not encountered an impasse that couldn’t ultimately be resolved through bargaining and negotiation. “I get asked to make judgment calls in situations where the ideal scenario is X, the practical solution is Y and the minimally acceptable solution is Z,” says Rucci, who gets the occasional jump ball kicked to his office. “We have to take it on a case-by-case basis, but the big question is always, What is in the best interest of our customers and our shareholders?”


THE SECURITY EXECUTIVE’S TO-DO LIST

■  Merge  physical  and  IT  security  organizations. 

■  Have  asset  owners  identify  critical  assets,  determine 
their  value  and  participate  in  risk  assessments. 

■  Audit  security  early  and  often. 

■  Demand  background  checks  and  psychological  profiling 
for  sensitive  staff. 

■  Evaluate  business  partners’  security. 

Source:  Forrester  Research 


Collaborate  Early  and  Often 

In his benchmarking research, Hartmann realized that organizations with the most effective information protection strategies had created a team of experts who functioned like internal business consultants. “That’s the model we adopted,” he says. Although he refers to his team as a service organization and his business-unit users as clients, funding comes from the corporate budget rather than a charge-back basis.

The goals of Hartmann’s team are to emphasize collaboration, get involved in projects as early as possible, when security considerations can easily and inexpensively be built into applications, and offer solutions instead of simply pointing out transgressions. “The old days of in-your-face security are gone,” Hartmann says. “You can’t just point your finger at someone and say, ‘Your system’s not secure.’ You’ve got to bring him a solution.”

For instance, when White was in the planning stages for Cardinal.com, the company’s procurement and reporting site for health-care corporations, a representative from Hartmann’s group was involved to establish security policies, provide security guidance and conduct a security review
when the project was ready to launch. However, the nuts-and-bolts details of passwords, firewalls and so on were left to e-commerce designers in individual IS groups like Beck’s.

When business unit managers disagree with security advisers on the level of protection a particular project needs, business value is always the tie breaker, Hartmann says. The Information Protection Team’s formal mission is to “ensure the integrity, confidentiality and availability of critical information and information assets, while maintaining the competitive agility of Cardinal Health business units.” In other words, Cardinal wants to be as secure as it can be.

Hartmann is all too aware that security people, especially former FBI employees, can come off as paranoid fanatics. “We constantly balance risk versus accomplishment. The onus is on us to come up with security solutions that don’t hinder business goals.”

In building the Information Protection Team and developing security guidelines, Hartmann first convened an advisory committee comprising representatives from legal, risk management, internal audit, HR, IS and other key departments to establish standards and working procedures. “If you want people to feel like they own the policy, you have to pull them together and ask for their input. If you want a team response, you have to have the group offer solutions right from the beginning.”

The team often tries to walk business owners through the process of understanding just how much their knowledge assets are worth to the company and just how vulnerable they may be. Once business units have a full idea of what their assets are worth, they’re often more likely to agree with the team’s security recommendations.

Early and frequent collaboration is the easiest way to smooth negotiation among the various departments, says Forrester Research’s Prince. To determine who should be at the table when it comes time to build a security team, Prince suggests skipping ahead and envisioning an actual security breach at your company. Who needs to be involved? Certainly IS, but also plant security, facilities people, HR, legal, public relations and so on. “Instant-response teams have a range of organizational components, but those people should all be involved in planning and implementing security in the first place,” he says.

On  the  Case 

For all their initial success, Cardinal executives aren’t sure if their current structure is the result of institutional brilliance or simply a matter of skilled personalities in the right place at the right time. Rucci and White are both enthusiastic supporters of Hartmann, but say his position is the result of his unique background and the entrepreneurial atmosphere that was in play at Cardinal at the time.

“John Hartmann had been with the FBI, and his specialization was information protection. We looked at that and said, ‘Here’s a person with some unique skill sets, what should we do with him?’”

White agrees with the unique nature of Cardinal’s situation. “If John were not here at the time, it probably wouldn’t have been done that way,” she says. “My organization was so lean, his organization was brand new; it’s as if we were in startup mode. In an organization with a more mature IS group, I don’t know if it would make sense to pull security out like that.”

Security specialists believe Cardinal’s approach will make sense for more organizations in the long run. As companies realize their intellectual property exists in multiple forms, they’ll eventually move toward a risk-management model of protection that addresses physical, logical, technical and business risks, predicts Christian Byrnes, vice president for security programs at Meta Group, a Stamford, Conn.-based consultancy.

Byrnes has seen a few early adopters like Cardinal in the health-care and finance sectors, but feels most companies are still five to 10 years away from having an elevated, coordinated security unit. “You can’t say it’s the wave of the future yet,” he says. “But the far future? Yes, probably.”


Tracy  Mayor  is  a  freelance  writer  in  South  Hamilton, 
Mass.  You  can  reach  her  at  tmayor@mediaone.net. 


A comprehensive, integrated information protection solution will allow Cardinal Health to minimize and manage information protection risk.


ILLUSTRATIONS BY MARTIN O'NEILL


SECURITY 


Attitudes 


You  can’t  ignore  them  or  avoid  them,  so  you  might  as  well  face 
the  security  threats  to  your  company’s  digital  crown  jewels 


BY ANGELA GENUSA

WHEN IT COMES TO DIGITAL INFORMATION SECURITY, CIOs seem to heed the advice of the World War II propaganda posters that read, “Loose Lips Sink Ships.” Although security is on every CIO’s mind these days, it’s certainly not on their lips. We contacted more than two dozen CIOs to speak with them about security. While many declined our requests for an interview, several spoke with us only on the condition of anonymity. As the CIO of a financial services company explained, “Neither I nor any of my peers would want to go on record as saying we’re concerned about it and know we have flaws,” he says. “Nor would we want to say we’re not concerned about security, that we have everything in place and we are bulletproof. Either way, it would immediately set us up as a target and a challenge for hackers or attacks.” ■ Security is the one critical IT issue corporate America isn’t talking about for fear that anything that is said could be construed as an invitation to attack. Experts say this conspiracy of silence only aids those responsible for digital security breaches. ■ What's the best course of action?


Reader  ROI 

►  Understand  the  nature 
of  security  risks  to 
your  organization 

►  Realize  the  level  of 
security  appropriate 
for  your  digital  assets 

►  Develop  an  awareness 
of  security  issues  facing 
your  company 


Acknowledge the problem, pay attention to security threats (both known and unknown), and if your company experiences a security breach, don’t treat it like a dirty little secret. Talking about it internally and sharing information externally with other IT executives and law enforcement authorities will help everyone better understand security threats and improve prevention efforts.

The fear of attack is real and valid. Every day there are new reports of security breaches. The list of companies that publicly suffered attacks last year is a literal A to Z of networked America — Amazon.com, America Online, AT&T, BellSouth, Bloomberg, the CIA, De Beers, E-Trade Securities, the FBI, Lucent Technologies, Microsoft, Qualcomm, The Republican National Committee, Slashdot, Sony Corp. of America, the University of Washington Medical Center, Verizon, Western Union and Yahoo.


These are just some of the publicly acknowledged attacks, say computer security professionals. In a recent survey by the Computer Security Institute, 90 percent of information security managers have detected breaches at their organizations. Despite this alarm, upper management — fearing bad publicity, shareholder wrath and consumer mistrust — has erected a firewall of silence around the double-headed beast of security and privacy. “Nobody wants to admit they’ve had some level of intrusion or break-in, but I can’t imagine that there’s anybody out there who hasn’t had an unauthorized access or attempt,” says the executive vice president of IT at a financial services corporation. Only a handful of the companies that have had breached security or compromised data ever report it to law enforcement officials, say the FBI and security consultants.

That is one possible explanation why only 26 percent of CIOs and IT executives said their company had ever been hacked, according to a survey at the CIO-100 conference last August. Sixty-two percent said their company has never been victimized by external computer crime, and 11 percent were unsure. Unsure is the key word. “These people are being hacked; they just don’t know it,” says the CIO of a research and engineering company.

Open  and  Shut  Case 

As corporate networks keep expanding, CIOs face a catch-22 situation. Opening their infrastructures to customers, suppliers, business partners and employees is a must. Yet doing so makes their companies more vulnerable to security breaches or attack. “On the one hand, we’re getting pulled to make it easier and easier [for everyone] to access key data from anywhere in the world,” says the CIO of a Fortune 1000 manufacturing company. “On the other hand, we’re worried about security. We’re building a paradox here. How do you do all that?”

CIOs’ jobs have been made even more difficult as most corporations trampled past security issues in the mad rush to mine e-commerce gold. In the CIO-100 survey, a mere 9 percent of the respondents reported security as the number-one technology-related issue on which their company was currently focused. More than half of businesses worldwide spend 5 percent or less of their IT budget securing their networks, according to a recent study by Datamonitor. More than 30 percent have yet to even implement adequate security.

Most of the CIOs we spoke to believe the security breaches they’ve experienced thus far — “fortunately,” they say with relief — are nuisances rather than dire threats to their companies. However, even mere security nuisances can do real damage to the bottom line.

Take the “I Love You” virus. This and similar viruses brought down systems worldwide and caused $6.7 billion in damages in the first five days, according to Computer Economics. Denial-of-service attacks that temporarily took down high-profile websites like Amazon.com, eBay and Yahoo in February 2000 cost $1.2 billion, according to The Yankee Group. More than 74 percent of companies have experienced financial losses because of cybercrime, according to the Computer Security Institute report. The price tag on e-security breaches alone? More than $17 billion worth of damage worldwide in 2000.

“Nobody WANTS TO ADMIT they’ve had some level of intrusion or break-in.”

-An executive vice president of IT at a financial services corporation

Software giant Microsoft was reportedly hacked for months before it discovered the breach. The costs to a company’s credibility and losses in consumer confidence are difficult to calculate but can be enormous.

What’s worse, experts and government officials warn that these incidents are “canary in a coal mine” signs that portend a huge security disaster. At the Microsoft SafeNet 2000: Policy and Practice in the Internet Age summit in Redmond, Wash., experts tossed around talk of “the big one” — a digital Pearl Harbor, a World Trade Center e-mail bomb or an Exxon Valdez data spill. The CIO of a Fortune 500 manufacturing company believes these apocalyptic predictions may come to pass. “I hate to say it, but I think they’re right,” he says. “Somebody’s going to break in somewhere and do something dramatic, and then people will wake up.”

Security  Through  Obscurity 

Many CIOs espouse a similar, it-always-happens-to-the-other-guy kind of thinking when it comes to security disasters. “We’re off the radar screen,” says the Fortune 500 manufacturing company CIO. “Who cares what we do — except maybe for a competitor or someone who has a grudge against us?”

In today’s networked economy, security experts warn, CIOs can no longer afford to think that way. “The concept of ‘security through obscurity,’ that ‘There are so many companies out there, why would I be a target?’ was once almost plausible,” says John S. Tritak, director of the U.S. government’s Critical Infrastructure Assurance Office in Washington, D.C. “If your company depends on a brand, any customer interaction, back-office business functions or networking dependencies, a minimal level of security is a must in today’s economy.”

“Somebody’s going TO BREAK IN somewhere and do something dramatic, and then PEOPLE WILL WAKE UP.”

-CIO of Fortune 500 manufacturing company

Security experts urge CIOs to tear down the firewall of silence that surrounds security. Corporate America needs to go public about its security secrets, they say, and share information to learn from others’ mistakes and create consistent protocols.

“We need to publicize attacks,” writes Bruce Schneier in Secrets & Lies: Digital Security in a Networked World (Wiley, John & Sons, 2000). “We need to publicly understand why systems fail. We need to share information about security breaches: causes, vulnerabilities, effects, methodologies. Secrecy only aids the attackers.”

Whatever you do, don’t ignore the issue, says the CIO of a Fortune 500 financial services company who has survived at least one nasty security incident. He says, “It’s here, and if you ignore it, you’ll get burned.”


Senior  Writer  Angela  Genusa  promises  to  keep  your 
secrets.  Tell  her  about  your  company’s  security  or 
insecurity  at  agenusa@cio.com. 
SECURITY


Risk  Management 


There  is  a  formula  to  keep  your  company  safe. 
Do  you  have  all  the  right  elements? 


BY  ANGELA  GENUSA 


IN A PERFECT WORLD, A BIT OF COMMON SENSE and a dash of due diligence would protect us from hackers, saboteurs and the common cold. Well, the world isn’t perfect, and we know we can never be completely secure. There is a measure of safety to be gained by following a formula of threat education, security breach prevention and risk mitigation. ■ “There’s no single answer,” says Bruce Schneier, CTO of security consultancy Counterpane Internet Security in San Jose, Calif., and the author of Secrets & Lies: Digital Security in a Networked World (Wiley, John & Sons, 2000). “I can't say, ‘Do these seven steps and you’ll be magically secure.’” Although every organization’s security infrastructure must be unique to be effective, Schneier and other experts point to the following essential ingredients. Pay close attention to these basic security issues.


1  ESTABLISH  ACCOUNTABILITY 

Companies have traditionally relegated security to IS, viewing it merely as an administrative function and expense. However, security can no longer be a closeted IT function, says Michael Assante, cofounder and chief intelligence officer of LogiKeep, a security consultancy based in Dublin, Ohio. “It’s got to be a boardroom issue and not a backroom issue. It needs to become part of a business decision-making process, looking at system survival and business continuation issues. Accountability should fall on the shoulders of the business decision makers.”

As the liaisons between operations and management personnel, CIOs are uniquely positioned to champion IT security issues in their organizations, according to John S. Tritak, director of the Critical Infrastructure Assurance Office with the U.S. government. CIOs and other senior IT executives need to cultivate and maintain close relationships with senior operations, telecommunications, physical security, human resources and other executives in their organizations to develop and implement a comprehensive IT security plan.

CIOs  must  have  the  authority  and  the 
autonomy  to  immediately  address  security 
issues  or  react  to  breaches  quickly,  says  the 
executive  vice  president  of  IT  at  a  Fortune 
500  financial  services  corporation.  “You 
can’t  create  a  ton  of  bureaucracy  that 
makes  it  impossible  for  you  to  act  or 
quickly  react,”  he  says.  “It’s  called 
accountability.” 

Some companies are hiring vice presidents of security and chief information security officers (see “Someone to Watch Over You,” Page 82) to put policy, processes and methodology in place. Some are hiring chief privacy officers (see “Oh No, Not Another O!” CIO, Jan. 15, 2001) to oversee privacy issues. However, these positions must be more than window dressing, security experts say.

2 PROMOTE AWARENESS

A lack of awareness of the potential threats from the CEO down is a major barrier to implementing security. “It’s difficult to move a security initiative forward because most people internally see it as a bureaucratic administrative kind of thing,” says the CIO of a Fortune 1000 manufacturing company. “It doesn’t matter how many times you wave policies in front of them; it has a half-life of about five minutes in their minds.”

CIOs need to raise internal awareness of security among senior management and all employees through ongoing security awareness programs and wide distribution of policies and procedures. “It’s incumbent upon the CIO to keep this in people’s faces,” says the executive vice president of IT at a Fortune 500 financial services corporation.


3 PROTECT YOUR ASSETS

What are your company’s crown jewels and where do these critical assets reside? They may be private customer records, sales information, employee files or transaction records, proprietary pricing, formulas or recipes, and knowledge. “I’ve been told by CIOs that very often, there is not enough appreciation for the crown jewels of the company,” Tritak says. “As a result there is a tendency in some institutions to seek some sort of uniform level of security across the entire organization, which may not be adequate for the real security of high-end critical assets. You may be oversecuring some assets and undersecuring others.”

What are the IT assets that enable you to deliver products and services for your company? As companies increasingly depend on technology to deliver and store their crown jewels, the potential for theft or damage increases. Assigning a value to these mission-critical IT assets helps senior managers understand the value of IT to their success.

4 MAINTAIN VIGILANCE

Security is a never-ending process. “People tend to think of security as something you do once in a while and then you can forget about it,” Tritak says. “‘Well, we did it for Y2K; we’re done.’ It would be like asking, ‘When can I stop doing marketing?’ Well, when do you want to go out of business?”

CIOs should conduct regular, ongoing audits of their company’s security infrastructures using an independent source, Tritak says. CIOs audited their networks in preparation for Y2K, assessed their risk and took action; they treated Y2K as a business issue. Now CIOs need to go beyond the lessons learned from Y2K and consider the consequences of business disruption from security breaches. “In the information age, you’re dealing in a very dynamic environment; the risks and vulnerabilities are changing constantly,” Tritak says.

Gaining the CEO’s and board members’ buy-in is also part of an ongoing security plan. “It’s buying in to a new way of assuring and securing your business,” Tritak says. “It’s part of a mind-set that is beginning to evolve to thrive and manage risk in an information age.” The goal is to create a trusted, reliable business environment. Failure to do so can have serious repercussions and destroy relationships with customers and investors.


SECURITY  DEFINED 

For a comprehensive list of security terms and technologies, see “Define Your Terms,” exclusively on our website, www.cio.com, as well as the rest of our security coverage and our new security research center.
5 SPEND CAREFULLY

Security decisions are often made in haste after news of a recent virus or attack. Some corporations react to the latest security threat by throwing a lot of money at protecting their systems from that specific threat. Forrester Research predicts select American companies will spend $19 billion on solving security problems by 2004. One of the myths the industry propagates is that more security is better, Schneier says. “More isn’t obviously better,” he says. “If I were a bank, I could strip-search every customer that walks into the bank. That improves security, but my business will fall apart.”

Rather than throwing dollars at the problem, CIOs should carefully
incorporate security considerations in the acquisition,
development and installation of new IT systems as a standard
practice, according to security experts. Most security software
packages and hardware configurations on the market are
one-size-fits-all solutions designed to work in any organization.
These products leave open many avenues of attack and threat, and,
in the end, cost more.

CIOs who are stuck with legacy systems and putting security
Band-Aids on patched-together networks face a game of catch-up,
Schneier says. “You’re doing the worst job, and it’s more
expensive.”

SURVEY  THE  THREATSCAPE 

To adequately secure their companies, CIOs need to understand and
monitor all the dangers—both internal and external—to their
companies. Security threats to their businesses may include
social, economic and geopolitical factors. Identifying those
threats or “the enemy” is becoming more and more difficult as
borders and boundaries dissolve around nations, organizational
structures and individuals.

Geopolitical incidents pose new security risks with dire threats
to U.S. corporations, Assante says. “The Internet gives people the
ability to take action and do it in the anonymity of the
Internet,” he says. “Instead of saying, ‘You’ve got to have
firewalls,’ CIOs need to focus on the threatscape.” To determine
your company’s risk profile, enlist the help of the COO, CFO,
corporate legal counsel, auditors, bond raters and insurance
companies.


7 MITIGATE RISK CIOs must know what risk their businesses are
willing to bear. Take the risk of shoplifting, for example. In the
brick-and-mortar world, companies have long understood this
“acceptable” risk as the cost of doing business and mitigated it
with security measures. Grocery stores post sensors at exits and
use surveillance cameras and store guards. Jewelry stores keep
gems under lock and key, and employees carefully watch as
customers handle merchandise. Apparel stores put garment tags on
clothing and sensors on the doors.

Security in the networked world is no different, Schneier says.
“It’s all about understanding what the risks are and accepting
those risks, mitigating them technologically, procedurally or
contractually.”

Schneier illustrates acceptable risk with a U-shaped curve. “On
the far right are very expensive security and no or low losses to
attack,” he says. “On the left at the other top of the U are very
expensive losses and no security. In the middle is some sweet
spot: just enough security and just enough losses. Where that
sweet spot is will be different for every company, depending on
their risk profile.”

EMBRACE RISK CIOs should approach security as risk management,
rather than threat avoidance. Some risk is good, say security
experts. “The higher the risk, the higher the profits,” says
Mudge, vice president of research and development at @Stake in
Cambridge, Mass.

Good risk management depends on a company’s business model, its
risks and the value of the transactions at risk, Schneier says.
“If you think of the credit card industry, the threats are
enormous,” he says. “They still haven’t solved the problem. But if
I go to the credit card companies [to sell them security], they
tell me, ‘We’re making a fortune. Shut up.’ That’s the right way
to think.”

To win the dollars you need for security, conduct a threat
analysis based on your company’s business model, Mudge says. Then
build a business case for senior management, presenting security
as a revenue generator, not an expense. An incentive approach, as
opposed to a liability approach, gives you a
much better chance of getting an adequate
security budget.

“If I say, ‘I need a million dollars to minimize the chances we
will potentially lose a million dollars,’ it will be tough to
acquire that budget,” Mudge says. “It’s a lot easier to get that
money if I say, ‘I need $1 million to enable us to drive more
revenue. With our existing architecture, we can do only 1,000
transactions per day, but with this new architecture we could do
5,000.’” Pitched as an opportunity and strategic advantage rather
than a potential loss, security becomes a fortuitous byproduct, he
says.

MIRROR THE BUSINESS If you look at your company’s operating system
and network, and you can’t tell what it’s designed for, your
company is accepting undue risk, Mudge says. “The standard
security profile is not the same at any given time and at any
given company,” he says. “Your business model should define your
security stance, and your security must mirror your business.”

Security  is  a  state  of  mind  engineered  and 
designed  into  the  infrastructure,  rather  than 
vice  versa.  A  well-designed  architecture 
eschews  superfluous  services  and  unnecessary 
risk,  Mudge  says.  “Fort  Knox  was  designed 
with  big  walls  for  good  reason — they  knew 
what  they  were  going  to  be  storing  there. 
They  knew  what  their  business  was.” 

It’s also much more efficient if you design security into your
infrastructure from the beginning, Schneier says. “If you just
finished building a bank and then you figured out you need a
vault, an alarm system and cages for the tellers, suddenly you’re
redoing everything.”

GO  BEYOND  TECHNOLOGY 

IT executives have typically mitigated security risks with
one-size-fits-all hardware and software, believing these tools
would make their companies secure. There is no such thing as being
“100 percent secure,” say security experts. “You never go into a
store and say, ‘Sell me a lock that prevents all burglaries’ or
‘Sell me a firewall that will prevent all hackers,’” Schneier
says. “Buying a lock for your door is part of a very complex
system of prevention, detection, alarm and response, police force,
deterrence—all of those things combined. If you’ve never been
burglarized, it’s because of that [combination], not because of
some magic piece of technology. The Net is the same way.”

As in the real world, if someone really wants to break in, they’ll
find a way to do it. Firewalls, digital watermarks and biometrics
are no match for a determined hacker.

Derek Harp, chief executive officer of LogiKeep, agrees.
“Technology solutions are not the solution,” he says. “People are
exploiting vulnerabilities and creating tools to escape detection.
Time and time again, technology has fallen short.”

Relying solely on technology to solve security woes is a recipe
for disaster, say security experts. “CIOs have been sold a bill of
goods by security companies [that say,] ‘Here’s our magic security
dust: Buy a firewall, buy a PKI [public-key infrastructure], buy a
security detection system, buy this,’” Schneier says. “They’ve
been screwed a lot of times.”

DETECT  AND  RESPOND 

Detection response is much more effective than prevention. “You
have to be watching 24/7/365,” Schneier says. “You can’t put a
sign on the server that says, ‘Please restrict all hacking from
Monday through Friday between 8 and 5.’ If you don’t have someone
watching it 24/7/365, you’re going to get whacked.”

Schneier recommends that CIOs outsource security detection and
response. “It’s the main reason no one has their own fire
department,” he says. “You never know when a fire is going to
break out. If you did your own [detection and response], it would
be a few months of boredom and then a few minutes of panic. It
makes no sense for you as a business to have your own fire
department.”

EDUCATE OTHERS Most often, people are the weakest link in the
security chain. Security is inherently a people problem because
people are the network. CIOs need to educate employees about
security risks and threats, from e-mail viruses to protecting
proprietary information, Tritak says.

Employees who would never consider leaving their house key under
the doormat don’t think twice about posting their network
passwords under their mouse pads. For hackers skilled in “social
engineering,” coaxing network passwords from most employees is
disarmingly simple. Most employees are also unaware of simple
security risks, such as sending proprietary information by e-mail.

The CIO of the Fortune 1000 manufacturing company tells of an
executive who wanted to work on a document containing proprietary
information over the weekend and e-mailed the document to himself
at home. “This document went out over the Internet,” the CIO says.
“Who knows what route it traveled over the world, what servers it
hit or who saw it. This person never thought once about that and
didn’t realize that it wouldn’t be totally secure. People don’t
think about it. They’re thinking about doing their job, working at
home, and the easiest way to get it there is to e-mail it to
yourself at home. It’s like ‘Wake up!’”


Any  other  aspects  of  security  keeping  you  awake  at 
night?  Tell  Senior  Writer  Angela  Genusa  via  e-mail 
at  agenusa@cio.com. 

PartMiner CTO Mark Schenecker feels that increased customer trust

Getting a third party to vouch for your security is good for your
company’s image. How much you can trust it is another matter.


BY  ERIC  BERKMAN 


SECURITY IS THE BIGGEST CONCERN for anyone engaged in e-business,
no doubt about it. However, it’s no longer a matter of whether
companies have security—if they don’t, they won’t be in business
long—but just how effective that security is.

This concern for security quality has spawned a rapidly growing
industry for third-party certification. Hundreds of
companies—including brick-and-mortar types such as the Miller
Brewing Co., financial services companies like Mellon Shareholder
Services, and even ASPs such as Digital Insights—are bringing in
accounting organizations and security vendors to audit their
security posture. The goal is to win a “Good Housekeeping” type of
security seal that tells a company’s partners they can have
confidence doing e-business with it. But is this reassurance more
valuable as a marketing tool or is it a true benchmark of a
company’s security stance?

Companies that have been through the certification process say it
works. Take the case of New York City-based PartMiner, and its
e-marketplace, the Free Trade Zone, that went live last year.
Before it did, CTO Mark Schenecker assembled a focus group to
determine how folks on both sides of the electronics components
supply chain felt about security. He got an earful. “Your website
promises that you won’t share our data,” the group’s participants
told him. “We trust you personally, but how do we know you’re
really taking all the right steps to keep our information out of
the wrong hands?”

Reader ROI

► See why more companies are seeking security seals
► Learn how to cover all of your security bases

So Schenecker brought in the Big Five accounting firm Ernst &
Young to evaluate PartMiner’s security practices. After combing
through the company’s firewalls, intrusion-detection technology,
hosting center, physical plant, internal procedures and other
systems, Ernst & Young bestowed its seal of approval on PartMiner,
which the company displays prominently on its website. PartMiner
pays Ernst & Young five figures each quarter for it to continue
that testing and monitoring.

Schenecker  insists  his  company  has  gotten  value  for  its 
money.  “Our  market  is  a  very  tight  community,”  he  says.  “The 
level  of  trust  has  increased,  and  we  believe  this  has  translated 
directly  into  the  level  of  transactions  performed  on  the  site.” 

Who  Tests  the  Testers? 

The security community is split as to the real value of
certification. Sure, it works well as part of an advertising
campaign, but what does certification really prove?

Security certification vendors like TruSecure in Reston, Va., and
Axent Technologies in Cupertino, Calif., insist that people can
trust any company that is awarded their seals, because it means
they’ve passed rigorous testing against all threats. But that’s
exactly the problem. A seal suggests absolute security, but
nothing is 100 percent secure. While there may be complete
protection against known threats, enterprising hackers are
constantly coming up with new methods of attack.

Meanwhile, there are no universally recognized standards for
testing an organization’s security. Nor is there any universally
accepted body that will approve or oversee those who do the
testing. No one is even in the process of formulating specific
testing standards. So, unless you’re an expert yourself, it’s
tough to ferret out the fly-by-night opportunists looking to make
a buck. And if you are an expert, why would you need any of these
guys in the first place?

That  being  said,  it  would  be  a  mistake  to  label  certification 
a  waste  of  time  and  money.  After  all,  if  you’re  investing  the 
resources,  you  are  at  least  demonstrating  that  you  have  security 
on  your  radar  screen  and  that  you  are  taking  it  seriously. 


TESTING, TESTING

Here are organizations that provide security certification seals
and services:

Formerly known as ICSA (International Computer Security Labs),
TruSecure (www.trusecure.com) puts network architecture,
connectivity, physical security, disaster recovery and operational
policies through rigorous tests before offering certification. It
has certified more than 400 companies for an average annual price
of $90,000 per site.

International accounting and consulting firm Ernst & Young
(www.ey.com) provides a variety of privacy and security services
that involve a range of techniques, from ensuring that privacy
policies are posted on your website to a technical profile of your
security architecture and procedures. Periodic examinations follow
certification, and Ernst & Young can remove the “WebTrust Seal”
until any required corrections are made. Bell Canada sports the
Ernst & Young seal.

The Better Business Bureau’s online subsidiary, BBBOnline
(www.bbbonline.org) offers “privacy seals” to websites. It doesn’t
offer security seals per se, but the certification process for
privacy seals encompasses certain security requirements, like
ensuring personal information is secure from unauthorized access.
The cost ranges from $200 a year plus a $75 application fee for
companies doing less than $1 million in business per year to
$6,000 a year plus the fee for companies doing more than $2
billion. The BBB has certified more than 700 websites, including
American Airlines, AT&T, Dell, Dunn & Bradstreet and The New York
Times.

TRUST-e (www.truste.com) also offers privacy seals, but businesses
must demonstrate reasonable data security measures to become
certified. It has certified approximately 2,000 websites,
including major Internet portals like Yahoo and Excite. Costs are
on a sliding scale from $299 to $6,999 depending on annual
revenue.

“We  know  our  [certification]  has  been  successful  based  on 
the  amount  of  inquiry  from  potential  business  partners  and 
new  customers  about  the  nature  of  certification,”  says  Mike 
Lapelosa,  director  of  internal  audits  for  Group  Health  Inc. 
(GHI),  a  New  York  City-based  health-care  network.  “And  we 
see  a  lot  of  organizations  beginning  to  use  the  same  process.” 

A typical certification is much like a physical exam. Just as a
good doctor will do more than simply ask you to open up and say
“aah,” the good security examiner performs every conceivable test.
Lapelosa went through this when he and his colleagues hired
TruSecure to test GHI’s information security two years ago. At the
time, the health-care network was just beginning to assert its
Internet presence and needed to maximize doctor and hospital
access while guaranteeing the patients’ right to privacy.
TruSecure, a security solutions company formerly known as
ICSA.net, began with an onsite evaluation of every aspect of GHI’s
security practices. Consultants reviewed all written policies and
procedures, interviewed programmers and computer staff to
ascertain their level of technical expertise, and studied GHI’s
Web infrastructure to spot areas where hackers might break in
undetected.

TruSecure  also  conducted  a  vulnerability  analysis  in  which 
it  actually  tried  to  break  in  to  the  network  from  the  outside 
and  examined  GHI’s  backup  and  disaster-recovery  procedures 
in  case  the  network  went  down.  TruSecure  eventually  gave 
GHI  its  seal  of  approval,  which  the  company  now  sports  on 
its  website.  Lapelosa  says  the  process  took  “two  weeks  from 
soup  to  nuts,”  with  TruSecure  workers  onsite  working  full  time 
with  both  him  and  GHI’s  IT  staff. 

The company continues to scan GHI’s network for vulnerabilities on
a quarterly basis, and once a year it comes in to do a follow-up
of all its reviews. If GHI fails to implement its recommendations,
it can lose its seal. That’s something TruSecure has not yet done
with any of its clients, though a spokesman said that at least
once a month someone will fall into a “danger zone” where they are
given up to 30 days to fix a security hole before the seal is
revoked.

“CERTIFICATION lets you tell your senior management and board of
directors that you’re practicing GOOD SECURITY HYGIENE.”
-Terry Milholland, CIO and CTO of EDS

Lapelosa  wouldn’t  reveal  how  much  money  was  spent  in 
GHI’s  certification,  but  TruSecure  CEO  Adam  Joseph  says  the 
process  typically  costs  around  $90,000  per  site.  “It  obviously 
varies  with  the  size  of  the  company,”  he  says. 

Lapelosa says the process has given his company the assurance that
it has the proper approach to security, which—with the privacy
regulations of the Health Insurance Portability and Accountability
Act of 1996 (HIPAA) looming on the horizon—has become even more
important for players in the health-care industry. The seal also
gives people confidence in the GHI brand, he adds.

Meanwhile, experts agree that for a CIO, certification can be a
useful way to cover your behind. “It validates what you say you’ve
done,” says Charlie Johnson, vice president of business
development and sales at Symantec Security Services, the
consulting arm of Axent Technologies. “If the company is spending
the money for security services and equipment, you want someone to
come in and say the money you’ve spent made sense and provided the
level of security you thought you had.”

Terry  Milholland,  CIO  and  CTO  of  EDS,  the  Texas-based 
computer  services  giant,  agrees.  “[Certification]  lets  you  tell 
your  senior  management  and  board  of  directors  that  you’re 
practicing  good  security  hygiene,”  he  says.  “Of  course,”  he 
adds,  “that  isn’t  to  say  you  don’t  have  exposures,  because 
anyone who says otherwise is a fool.”

An additional benefit is relative peace of mind. If your vendor or
Big Five company conducts ongoing monitoring, you’ll know that
your security practices are relatively up-to-date. Like
Milholland, Johnson points out that nobody can guarantee 100
percent security. You still have to maintain whatever security
would be expected of a company in your shoes. “[The certification
process] gives you a warm fuzzy feeling that you’ve done
everything a reasonable person would expect you to do,” he says.

Finally, you shouldn’t underestimate the significance of a
company’s willingness to stake its reputation on its assessment of
your security, says John Alsop, president and CEO of Borderware
Technologies, a Toronto-based firewall vendor. “That’s the real
value,” he says.

As happy as certified companies may be, certification has obvious
limitations. Critics like John Thomas would say that the seal in
and of itself does nothing more than influence naive customers and
business partners. “Those of us who know the business realize that
there are no absolutes when it comes to security,” says Thomas,
president of Vienna, Va.-based Titan Vigil, a company that
performs security monitoring for commercial and government
organizations. “If someone came to me and said, ‘Please do
business with me because I’ve got X, Y and Z’s approval,’ I’d
chuckle to myself before laying right into them.”

“With the Internet, THERE’S ALL SORTS OF NEW WAYS to obtain
customer information. IT’S ALMOST LIKE ELECTRONIC DUMPSTER DIVING.”
-John Shaughnessy, Visa USA’s senior vice president of risk management

Just  When  You  Think  You’re  Secure... 

The  very  act  of  stamping  a  seal  on  your  website  can  be  risky. 
It’s  a  lot  like  the  old  Eveready  commercials,  where  actor  Robert 
Conrad  would  put  an  alkaline  battery  on  his  shoulder  and  dare 
you  to  knock  it  off.  The  minute  you  start  bragging  about  how 
secure  you  are,  hackers  will  line  up  to  try  to  prove  you  wrong.  In 
fact,  many  in  the  hacker  community  actually  believe  they’re 
doing  a  public  service  by  exposing  insecurities,  says  Thomas. 

“They’re  very  cynical  people,”  he  says.  “As  soon  as  someone 
comes  along  and  says,  ‘Do  business  with  me  because  I’m 
secure,’  I  can  promise  you  some  hacker  will  get  in  and  plant 
some  kind  of  logic  bomb.” 


Meanwhile, how can you be so sure the tests proved anything in the
first place? While there may be recognized standards for testing
the security of a product, there’s no commonly accepted
methodology for testing the security of an organization. Standards
are important for any kind of security testing, says Ron Ross,
director of the National Information Assurance Partnership in
Gaithersburg, Md., a government group that validates lab testing
of IT products.

“I’m  not  saying  a  seal  has  no  value,  but  if  everyone  is  doing 
something  different,  it’s  hard  to  compare  what  kind  of  service 
you’re  really  getting,”  he  says. 

Plus, not every evaluator will necessarily be on the up-and-up.
There are plenty of reputable vendors out there, but there are
also a lot of guys who see that this is a hot area and hang up a
shingle, hoping to get some action.

“You especially see this in areas where security is becoming
federally mandated, [like banking and health care],” says Rob
Dodson, director of business development at Symantec Security
Services central region. “People with no medical background are
all of a sudden becoming HIPAA experts. And people with no
incidence-response background are jumping all over the FDIC
incidence-response requirements.”

VISA USA’S SECURITY REQUIREMENTS

■ Install and maintain working firewall to protect data
■ Keep security patches up-to-date
■ Encrypt stored data that’s accessible from the Internet
■ Encrypt data sent across networks
■ Use and regularly update antivirus software
■ Assign unique identifications to each person with computer access to data
■ Don't use vendor-supplied defaults for passwords and security
■ Track access to data, including “read only,” by unique ID
■ Regularly test security systems and processes
■ Restrict access to data by business “need to know”
■ Maintain a management policy that addresses information security
■ Restrict physical access to cardholder information to authorized employees

Source: Visa USA

Perhaps  the  biggest  concern  of  all  is  the  fact  that  when  you’re 
certified,  it  reflects  a  mere  snapshot  in  time.  Basically,  it  tells 
people  that  according  to  a  particular  testing  methodology,  you 
were  secure  as  of  10:24  a.m.  last  Tuesday— the  last  time  you 
were  monitored.  The  problem  is,  that  doesn’t  guarantee  that 
you  were  secure  at  10:25  a.m. 

That’s  a  major  reason  why  Thomas  takes  these  seals  with  many 
grains  of  salt.  “A  lot  of  people  think  it’s  like  the  UL  [Underwriters 
Laboratory]  stamps  they  see  on  their  TVs,”  he  says.  “But  their 
TVs  don’t  change  a  lot  from  when  they  bought  them.” 

Johnson  takes  the  timing  metaphor  a  step  further.  It’s  like 
checking  a  guy  before  he  walks  into  a  bar  to  see  if  he’s  been 
drinking,  he  says.  “Four  hours  later,  he’s  blind  drunk,  but  he 
stumbles  into  a  cop  and  hands  him  a  piece  of  paper  saying 
he’s  fine.” 

Red  Flags  and  Best  Practices 

If  you  do  decide  to  have  your  security  certified,  there  are  steps 
you  can  take  to  maximize  the  value  of  the  process.  First,  choose 
the  right  vendor.  Like  anything  else,  it’s  a  combination  of  name 
recognition,  references,  reputation  and  experience.  You  want 
someone you can trust, because you’re giving that company the
most intimate access possible. Schenecker felt most comfortable
with Ernst & Young. Lapelosa went with TruSecure, because
he wanted a company that dedicates 100 percent of its business
to security assessments.

Johnson recommends having two companies certify you.
That’s one way of dealing with the lack of standards, and it also
gives you an extra layer of confidence, he says. “It’s important.
Because if you’re not secure, you’ll be on the front of The
Wall Street Journal explaining why your stock shouldn’t drop
down to $10.”

When  it  comes  to  doing  business  with  a  company  that 
already  boasts  a  seal  on  its  site,  don’t  take  that  as  the  only 
thing  you  need  to  know.  Meet  with  the  people  handling  its 
security  and  ask  intelligent  questions.  Better  yet,  have  your  own 
third-party  expert  look  into  its  processes  and  technology. 

“Look  at  how  it  was  assessed,”  says  Thomas.  “Look  at 
things like ongoing monitoring. Check to see if the security officer
is principal to the CIO or four echelons below.”

If  the  CIO  has  sole  responsibility  for  security,  with  no  input 
from  the  CFO  or  in-house  auditor,  that’s  a  big  red  flag,  says 
Thomas.  “I  love  CIOs,”  he  says.  “I  was  the  CIO  of  many 
organizations  when  I  was  in  the  military.  But  I  know  the 
stresses  CIOs  come  up  against.  And  if  the  CFO  isn’t  engaged 
in the information security business of the company, I’d question
whether there aren’t some holes in the sieve.”

Make  sure  your  partner  adheres  to  the  same  standards  you 
do.  For  example,  credit  card  behemoth  Visa  USA  has  come 
out  with  a  list  of  requirements  that  member  banks,  merchants 
and third-party service providers will eventually have to satisfy
(see “Visa USA’s Security Requirements,” at left). These
requirements  already  apply  to  ISPs  and  gateways,  and  Visa 
insists  on  the  right  to  have  its  chosen  security  experts  conduct 
onsite  reviews  and  Web  server  monitoring. 

“With  the  Internet,  there’s  all  sorts  of  new  ways  to  obtain 
customer  information,”  says  John  Shaughnessy,  Visa  USA’s 
senior  vice  president  of  risk  management.  “It’s  no  longer  the 
old  dumpster-diving  type  thing.  It’s  almost  like  electronic 
dumpster-diving,  and  we  need  to  make  sure  we’re  up  to  speed 
as  an  industry.” 

What  it  comes  down  to  is  that,  where  security  is  concerned, 
there’s no such thing as complete trust. Thomas is an advocate
of any process that improves security, for example, but
believes  that  putting  faith  solely  in  seals  is  a  mug’s  game. 

“I’d encourage anyone to go through the process of having
his security reviewed,” he says. “But don’t think for a
minute that the endgame is to have the process performed and
then you walk away.”


Tell  Senior  Writer  Eric  Berkman  whether  you've  certified  your  security  at 
eberkman@cio.com. 
Forensics

IT AUTOPSY

No longer an obscure component of network security,
computer forensics has blossomed into a science all its own

BY MATT VILLANO
THE  CALL  CAME  IN  EARLY  ON  A  WINTER  MORNING  LAST  YEAR.  An  urgent  voice 
spoke  about  corporate  espionage  and  theft  of  trade  secrets.  After  a  few  deep 
breaths,  the  caller  identified  himself  as  counsel  representing  an  international  bank 
and  said  he  was  highly  distressed  about  a  developing  situation  with  one  of  the  bank’s 
former  employees.  He  outlined  allegations  that  before  joining  another 
company,  the  employee  took  internal  client  information  valued  in  the  million-dollar 
range. The official said he was turning to investigators from New Technologies Inc.
(NTI) for help.

Paul French, manager of NTI’s Computer Forensics Laboratory,
opened an investigation right away. With cooperation from the bank and the
suspect’s new employer, French got the employee’s old and new computers and made
copies of the hard drives on each one. Working off
these copies so as not to damage the originals,
French then used proprietary tools to search for
hidden information about certain files. In a matter
of hours, NTI investigators confirmed that the
employee had taken key documents from the bank,
downloaded them on to a floppy disk, and saved
them on his computer at his new job.

“All in a
day’s  work,”  French  deadpans,  in  the  best 
Sgt.  Friday  impression  he  can  muster.  “This 
[employee]  thought  that  by  tossing  files  in  the 
trash,  he  could  erase  all  the  evidence  of  his 
crime.  Suffice  it  to  say,  he  thought  wrong.” 

Bad guys always overlook something,
and this ill-fated criminal underestimated the
effectiveness of computer forensics. Like
more traditional police forensics, this science
has one overarching goal: to find evidence of
crime and preserve it for eventual use in a
court of law. Once regarded by technophiles
as an obscure component of network security,
the discipline has blossomed into a science
all its own, garnering widespread attention
from analysts and CIOs and sparking
an industry of companies such as NTI. This
boom makes perfect sense — as enterprises
become more complex and move more
information online, they leave themselves
increasingly vulnerable to high-tech crimes
of every ilk. Securing evidence necessary to
convict an attacker becomes a matter of
paramount importance.

Still, because the industry is fairly new and
response efforts can cost millions, it is primarily
CIOs at large, well-endowed companies
who have had the opportunity to tackle the
science in-house. Those looking for cheaper
solutions have outsourced computer forensics
on a case-by-case basis, calling a third party
for help after an attack. Both strategies work,
so long as evidence of a crime is obtained
through the proper methodology. And computer
forensics is perhaps the best way to
track down who did what, and how he
pulled it off, according to Thomas Talleur,
managing director of the forensic technology
services group at KPMG. “Corporate criminals
don’t always tell the truth,” he says.
“Their computers, however, usually do.”

Forensics  101 

While the industry has taken off only in the
last few years, the science began back when
computers were used mostly for word processing
and spreadsheets. In those days, if corporate
officials suspected employees of foul
play, they’d dispatch secretaries to snoop
around hard disks after hours. When these
secretarial spies uncovered something fishy,
officials instructed them to use the digital document
as a guide while they rifled through file
cabinets, desk drawers and the trash. The
thinking here was practical — because few
businesspeople eschewed the printed page
until the rise of the Internet, it was a safe bet
that any document stored electronically had
a matching hard copy somewhere nearby.

Gradually, as computers entered the mainstream
and computer crimes became more
complex, forensic methods changed. Today,
with recent statistics from the Meta Group
indicating that the vast majority of all documents
are stored digitally, the science hinges
almost entirely on computers themselves.
Computer forensic specialists call on a mix of
investigative wit and high-tech know-how
to reconstruct the particulars of a hack, theft
of trade secrets or pornography scandal conducted
on company machines. To extract a
deleted memo, for instance, they can scan
thousands of hidden backup folders for certain
key words. To establish someone’s
whereabouts on a particular day, they might
peek at a series of pages in the Web cache or
in an area called file slack — the microscopic
space between individual files — for
time-stamped text documents.

“Forensic investigators of the modern age
can resurrect e-mail messages from a computer
that hasn’t worked in years, or establish
a time line of crime from the hard drives
on 15 separate laptops,” says Talleur. “We
sure have come a long way from sending the
secretary to rifle through the trash.”

SAY WHAT?

SO YOU’RE NEW TO THE WORLD OF COMPUTER FORENSICS? To make you feel
more comfortable, here are some of the most common words and phrases in the
industry.

Ambient data: Data stored in nontraditional computer areas and formats, such as in
the Windows swap file, unallocated space or file slack.

Clusters: Fixed-length blocks of data (one to 128 sectors) in which DOS and Windows-based
computers store files.

File slack: The data storage space that exists from the end of a file to the end of the
last cluster assigned to the file.

Mirror-image backup: This copy of a hard drive, or other storage device, exactly replicates
every sector of the original. It is accepted as a substitute for the original in a
court of law.

Sectors: The smallest unit of storage on a computer. Sectors are composed of bits, and
are generally a power of 2 bytes in size. A “regular” disk sector is 512 bytes.

Steganography: Encrypting and hiding data, for example in graphics, by changing the
least significant bits into the message bits.

Unallocated file space: The area on a computer’s hard disk where content goes when
files are deleted or removed. The only way to clean this space is with cleansing devices
known as scrubbers.

Windows swap file: A file that Windows-based computers use as a “scratch pad” in
which to write data when additional random access memory is needed.

For a more comprehensive list of security terms and technologies, see “Define Your
Terms” on our website at CIO.com, along with the rest of our special focus on security.

Despite this evolution, a key aspect of the
science, called chain of custody, hasn’t
changed at all. Chain of custody is the record
of who had possession of the evidence and
what they did with it. The chain, which can
be established with documents or testimony,
enables lawyers to show the court that computer
records submitted as evidence are in
the same condition they were in at the pertinent
time, and that they have not been tampered
with or altered so as to become inaccurate
records of the event, according to
Linda Stevens, general partner in the litigation
and intellectual property groups at law firm
Schiff, Hardin & Waite in Chicago. While
this provision is intended to protect the defendant
from evidence tampering, the requirements
can hurt the plaintiff if the evidence is
mishandled. A perfect example: Last spring,
after a hacker broke through the firewall at
Wallingford, Conn.-based CD Universe and
stole 300,000 credit card numbers, authorities
declined to prosecute a teenage suspect
because they claimed specialists responding to
the situation had tainted the evidence. Details
are still sketchy, but experts familiar with the
case allege that employees from one or more
of the computer security companies that handled
the break-in inadvertently altered access
times on log files from the day of the attack.
Joan Feldman, founder and president of
Seattle-based Computer Forensics, followed
the case closely; she says this kind of mistake
would have made it impossible to authenticate
any evidence whatsoever.

“On  a  PC  running  Windows  or  NT, 
when  you  go  into  Explorer  and  click  on  a 
file,  you  automatically  change  the  last  access 
date,  right?”  Feldman  says.  “If  you  do  that 
to  the  only  copy  of  a  file  that’s  critical  to  a 
case  of  computer  crime,  you’ve  just  ruined 
your  evidence.” 

Process  Makes  Perfect 

What  happens  when  a  company  suspects  a 
security  breach  and  turns  to  forensics  for 
help?  First,  as  with  any  other  crime  scene,  it’s 
crucial  that  no  one  disturb  the  evidence. 
Even  without  a  body  or  bullet  casings,  a 
computer  can  contain  just  as  much  evidence 
as  the  site  of  a  homicide,  says  Julie  Lucas, 
director  of  information  security  at  Houston- 
based  network  consultancy  GlobalNetwork 
Technology  Services  (GNTS). 

To ensure that evidence is processed safely
and to eliminate discrepancies in the industry,
investigators follow a standard four-step
regimen. First, they isolate the system, making
sure no perpetrators, outside or in, can
further damage or alter the crime scene.
Next, they secure and copy the evidence for
analysis. One way to do this is to mount an
external tape-drive and take an exact binary
image of the computer’s hard disk. This digital
duplicate becomes the version investigators
use to explore the evidence without
ruining it, and its importance is yet another
reason why IT staffers should avoid tinkering
when something dire occurs.
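
The imaging step and the chain-of-custody record described above, sketched as an added example that is not from the article or from any vendor it names. The article does not say how an image is shown to be unaltered; this sketch assumes SHA-256 digests and a hash-linked log, and the file names, examiner name and timestamps are constructed.

```python
import hashlib
import json
import os
import tempfile

CHUNK = 1 << 20      # read evidence in 1 MiB blocks
GENESIS = "0" * 64   # "previous hash" used by the first log entry


def sha256_of(path):
    """Digest a file through a read-only handle."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(CHUNK), b""):
            digest.update(block)
    return digest.hexdigest()


def make_image(source, dest):
    """Copy source to dest byte for byte; return (source digest, image digest)."""
    source_digest = hashlib.sha256()
    # Mode "xb" refuses to overwrite an image that already exists.
    with open(source, "rb") as src, open(dest, "xb") as dst:
        for block in iter(lambda: src.read(CHUNK), b""):
            source_digest.update(block)
            dst.write(block)
    # Re-read the image so the second digest reflects what was actually stored.
    return source_digest.hexdigest(), sha256_of(dest)


def _entry_hash(body):
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()


class CustodyLog:
    """Who handled which item, what they did, and the item's digest at that time."""

    def __init__(self):
        self.entries = []

    def record(self, who, action, item, digest, when):
        prev = self.entries[-1]["entry_hash"] if self.entries else GENESIS
        body = {"who": who, "action": action, "item": item,
                "digest": digest, "when": when, "prev": prev}
        self.entries.append({**body, "entry_hash": _entry_hash(body)})

    def verify(self):
        """True only if every entry matches its hash and links to the one before."""
        prev = GENESIS
        for entry in self.entries:
            body = {k: v for k, v in entry.items() if k != "entry_hash"}
            if body["prev"] != prev or _entry_hash(body) != entry["entry_hash"]:
                return False
            prev = entry["entry_hash"]
        return True


def demo():
    """Image a constructed 'disk', log it, then show that later changes are caught."""
    with tempfile.TemporaryDirectory() as tmp:
        original = os.path.join(tmp, "suspect_disk.raw")   # constructed sample
        working = os.path.join(tmp, "working_copy.raw")
        with open(original, "wb") as fh:
            fh.write(b"CONSTRUCTED SAMPLE SECTOR".ljust(512, b"\x00") * 64)

        log = CustodyLog()
        src_digest, img_digest = make_image(original, working)
        log.record("examiner A", "acquired original", "suspect_disk.raw",
                   src_digest, "2001-03-01T09:00:00Z")
        log.record("examiner A", "created working copy", "working_copy.raw",
                   img_digest, "2001-03-01T09:20:00Z")
        copy_matches = src_digest == img_digest
        log_intact = log.verify()

        # An accidental one-byte write to the working copy changes its digest.
        with open(working, "r+b") as fh:
            fh.seek(100)
            fh.write(b"X")
        altered_copy_detected = sha256_of(working) != src_digest

        # Editing an earlier log entry after the fact breaks the hash chain.
        log.entries[0]["who"] = "someone else"
        edited_log_detected = not log.verify()

    return {"copy_matches_original": copy_matches, "log_intact": log_intact,
            "altered_copy_detected": altered_copy_detected,
            "edited_log_detected": edited_log_detected}


if __name__ == "__main__":
    print(demo())
```

The digest recorded at acquisition is what lets a later examiner show that the copy under analysis is still in the condition it was in when it was taken.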

Many  investigators  take  the  original  hard 
drive  and  lock  it  in  an  onsite  storage  facility 
such  as  a  closet  or  safe.  With  this  evidence 


118  CIO  MARCH  1,  2001  •  www.cio.com 



secure, investigators finally can do what they
do best — investigate. Using a bevy of forensic
tools made by niche companies, investigators
search hidden folders and unallocated
disk space for copies of files a user thinks
he’s deleted. The tools allow searches by keyword,
file type or access date.
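
An added example (not a tool from the article) of the keyword search over ambient data described above, using the sidebar's definitions of sectors, clusters, file slack and unallocated space. The volume layout, the allocation map and the keyword CLIENT-LIST are constructed, and the allocation map is a simplified stand-in for a real file system's tables.

```python
SECTOR = 512  # bytes, the "regular" sector size given in the sidebar


def file_slack(volume, clusters, size, cluster_size):
    """Return (absolute offset, bytes) from a file's logical end to the end
    of the last cluster assigned to it."""
    if not clusters:
        return 0, b""
    used_in_last = size - (len(clusters) - 1) * cluster_size
    start = clusters[-1] * cluster_size + used_in_last
    end = (clusters[-1] + 1) * cluster_size
    return start, volume[start:end]


def find_all(data, keyword, base):
    """Absolute offsets of every occurrence of keyword in data."""
    hits, pos = [], data.find(keyword)
    while pos != -1:
        hits.append(base + pos)
        pos = data.find(keyword, pos + 1)
    return hits


def search_ambient(volume, files, keyword, cluster_size):
    """Search file slack and unallocated clusters; live file content is skipped."""
    results, allocated = [], set()
    for name, (clusters, size) in files.items():
        allocated.update(clusters)
        start, slack = file_slack(volume, clusters, size, cluster_size)
        results += [("file slack", name, off)
                    for off in find_all(slack, keyword, start)]
    for index in range(len(volume) // cluster_size):
        if index not in allocated:
            base = index * cluster_size
            data = volume[base:base + cluster_size]
            results += [("unallocated", index, off)
                        for off in find_all(data, keyword, base)]
    return results


def build_sample_volume():
    """Constructed 8-cluster volume: a deleted memo leaves remnants behind."""
    cluster_size = 4 * SECTOR
    volume = bytearray(8 * cluster_size)

    def write(cluster, data):
        base = cluster * cluster_size
        volume[base:base + len(data)] = data

    # 1. A memo is saved across clusters 2 and 5.
    memo = b"A" * 1500 + b"CLIENT-LIST" + b"B" * 1000 + b"CLIENT-LIST" + b"C" * 100
    write(2, memo[:cluster_size])
    write(5, memo[cluster_size:])
    # 2. The memo is "deleted": it leaves the allocation map, the bytes stay.
    # 3. A shorter file reuses cluster 2; the memo's tail survives in its slack.
    write(2, b"N" * 300)
    # A live file that also contains the keyword must not be reported.
    report = b"CLIENT-LIST summary (live file)"
    write(0, report)

    files = {"report.doc": ([0], len(report)), "notes.txt": ([2], 300)}
    return bytes(volume), files, cluster_size


if __name__ == "__main__":
    vol, table, size = build_sample_volume()
    for region, where, offset in search_ambient(vol, table, b"CLIENT-LIST", size):
        print(f"{region:12} {where!s:10} offset {offset}")
```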

These procedures usually take a few days
to complete; evaluating the data they produce
takes much longer. Once experts have
conducted an investigation, it can take
weeks for them to make sense of everything
they’ve found. Verification is the final step
in the forensic process and usually ends with
the preparation of a findings report that can
be used in a court of law. Documentation is
key here. Sean McCreight, CEO and chairman
of Pasadena, Calif.-based Guidance
Software, says investigators must be able to
explain the methods they employ to uncover
every byte of data. Because evaluation strategies
differ, McCreight notes that this is the
part of the forensic process that sets one
investigator apart from another. Do it right,
he says, and you’re golden; do it poorly, and
you could find yourself on the wrong side
of a devastating legal loss.

“Data without the proper validation and
documentation is just pure data,” he says.
“It’s one thing to have volumes of information
in front of you. It’s another thing to be
able to dig in there, give everything some
context and put it together in a way that
everyone in a courtroom can understand.”

Do-It-Yourselfers 

Companies that develop forensic capabilities
in-house use money from the general
IT security budget to develop divisions
devoted to chasing down evidence after
crimes. At Boeing, Motorola and others, for
example, CIOs have hired squadrons of network
security specialists to double as forensic
investigators. Because these companies
have so many security concerns, it’s actually
cheaper for them to build forensics
teams from scratch than to farm out services
on a per-case basis.

Microsoft, for instance, has hired Howard
Schmidt, former director of computer crime
and information warfare at the Air Force
Office of Special Investigations, as chief
security officer and has groomed a team of
10 investigators to gather digital evidence.
Late last year, EDS Corp. launched a Global
Information Assurance program structured
around a spanking new CyberForensics Lab
at the company’s Herndon, Va., office.

Companies can also use forensic techniques
to engineer some preemptive security
checks. At EDS, for instance, forensic specialists
occasionally monitor employee hard
drives to make sure nobody’s stealing company
secrets.

At Microsoft, Schmidt says his job hinges
on much of the same. “With all of the top-secret
stuff we have going on here, we need
to make sure that none of our employees are
taking classified information and sending it
elsewhere,” he says. “When we’re not tracking
down evidence of wrongdoing, we’re
proactively searching for it, scanning hard
disks in the name of corporate security.”

These projects can get expensive. While
they declined to reveal actual figures,
Schmidt says Microsoft spends “millions
and millions” on forensics every year, and
Daryl Eckard, director of operations for
EDS’s Global Information Services Group
division, says his company threw a “significant”
amount behind the new lab. But
financing is only the beginning, and even
with the necessary funds, establishing an in-house
computer forensics program on the
corporate level can be tough. First is the
issue of education. Investigators who have
not received formal law enforcement training
must endure rigorous knowledge transfer
classes to learn the craft. Second is the
issue of policy. McCreight and Schmidt suggest
that before IT leaders even think about
forensics, they should sit down with representatives
from the legal and human
resources departments to discuss procedural
requirements and other expectations.

Chris  King,  program  director  of  the 
global  networking  strategies  team  at  the 
Meta  Group,  warns,  too,  that  CIOs  should 
be  aware  of  how  network  security  decisions 
might affect an employee’s perception of privacy.
Because plans such as Microsoft’s
hinge  on  regularly  imaging  a  company’s 
hard  drives,  employees  often  speak  out 
against  them,  publicly  invoking  passages 
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from  the  1986  Electronic  Communications 
Privacy  Act  and  privately  comparing 
employers  to  Big  Brother.  While  concerns 
like  these  are  legitimate,  KPMG’s  Talleur 
suggests  that  employees  should  be  told  that 
forensics  is  a  matter  of  self-defense,  and 
if  they  don’t  like  it,  they  can  work  some¬ 
where  else. 

“Being able to retrieve digital evidence is more about catching
employees stealing company secrets than it is about nabbing them
abusing the Internet,” he says. “If an employee is spending the day
looking at [pornography], you can bet we’ll take note. In the scheme of
things, though, that stuff is harmless compared with the crimes we’re
really out to find.”

A  Little  Help  from  Their  Friends 

Because not all companies have the resources to handle forensics
endeavors on their own, their CIOs have turned to vendors and
consultants who specialize in forensics solutions of every kind.
Experts say this setup benefits everyone involved — vendors earn more
charging for services by the hour than by selling a product, and
clients achieve peace of mind knowing that their evidence is being
processed by true pros. Some forensics, says King, is better than
nothing at all.


TOOLS OF THE TRADE

WITH THE AMOUNT OF MISSION-CRITICAL INFORMATION stored digitally
increasing every day, there’s never been a better time to purchase
tools to help track down computer crime in your organization. Which do
industry experts rate most highly? Here’s an incomplete list.

EnCase. This full-service product from Guidance Software offers a
Windows-based environment from which users can copy and investigate
data on their own. What’s more, the application's evaluation
capabilities ostensibly obviate the need for a trained investigator.
Consistently ranked among the best forensic programs on the market,
EnCase recently matured to Version 2. www.encase.com

Forensic Tool Kit. Though it does not image hard disks with a built-in
tool, this new product from AccessData provides applications to
investigate original evidence, enabling users to search with a number
of strings at once. It works well with encryption programs and is
designed to draw on them to weed through hard-to-reach places on a
network or hard disk. www.accessdata.com

Net Threat Analyzer. Net Threat Analyzer is like a dog that can sniff
out Internet access. Put out by New Technologies Inc., this DOS-based
tool searches Web caches and file slack for ghost files that indicate
where a user has been. Users can search data for particular words or
frequently used addresses. This product is only available to and used
by law enforcement agencies. www.forensics-intl.com

SilentRunner. A new product from Raytheon, SilentRunner spots
suspicious clusters of activity on a company network and alerts systems
administrators immediately. Part artificial intelligence, part pattern
recognition, this program is more of an intrusion detection application
than it is a forensic one. Still, users can print out results for
further examination if necessary. www.raytheon.com

SmartWatch. Watching a host computer like a hawk, this product from
WetStone Technologies detects even the smallest changes to computer
files, then reports them immediately. The program can be configured to
image a disk repeatedly during an attack or can be programmed to
recover key resources from a secure backup to automatically reinstate
files. www.wetstonetech.com

Perhaps the best known of these forensics companies is NTI, where
French and his colleagues foiled the former bank employee earlier this
year. From its modest headquarters in Gresham, Ore., a staff of 20,
including 10 computer forensics specialists, supports 25 proprietary
products. On a recent winter morning, investigators (they call
themselves “geeks”) huddled around one of their own as he evaluated
evidence for a $6 billion class-action lawsuit involving more than 20
laptops at a Fortune 100 company. Using a product called FileList, they
strung together access dates in hidden files on each machine. “Of
course we think our products are the best, but we don’t care if we use
our products or the next guy’s,” says Mike Anderson, the company’s
founder and CEO. “We’ll do whatever we can to establish evidence that
our clients can use in a court of law.”

Others subscribe to the same philosophy. In Alexandria, Va., Riptech
supplements an outsourced 24/7 information security monitoring and
management offering with a computer emergency response team that
performs general analyses and remediation efforts onsite. Provo,
Utah-based AccessData recently released a Forensic Tool Kit to
complement a previously limited consulting business that specializes in
troubleshooting encryption crises of any kind. Then there’s WetStone
Technologies, a company that offers products and services for helping
companies address steganography, the process by which nefarious
employees encrypt and embed data within ordinary e-mail attachments
(see “Say What?” Page 118).

Not every company offers both proprietary products and advice on how to
use them. Guidance Software sticks to software, devoting most of its
efforts to developing its flagship product, EnCase, which it markets as
a full-service forensic tool. GNTS does the reverse, eschewing sales
for what the company considers to be a more practical focus on incident
response and information assurance assessment. This second model
appears to be popular; of the two dozen or so companies in the
forensics space, more than half take a similar approach. At CFI, for
instance, investigators help corporate attorneys understand the nuances
of the evidence they find. And at Foundstone, based in Irvine, Calif.,
specialists tackle fraud and other computer crimes unique to the
financial services industry.

“People can buy products anywhere, even online,” says Kevin Mandia,
Foundstone’s director of computer forensics. “Talented, reliable and
experienced people who understand a niche — now that’s hard to find.”

Looking  Ahead 

Mandia is right, but changes in the forensics landscape may soon make
it easier for CIOs to spend a couple bucks and secure evidence on their
own. A number of software companies such as AccessData and WetStone are
developing applications that automate forensic responses, ostensibly
eliminating the need for investigators. These programs promise to
manage everything from copying hard disks to evaluating evidence.
What’s more, because most of them are slated to cost less than $1,000
per license, industry watchers such as Meta Group’s King say that just
about anyone with security concerns can purchase them and implement
them painlessly.

While these new products could represent the democratization of
computer forensics, vendors and forensics consulting companies see
automation as a direct threat to their businesses. “Why would you pay
to have a person secure evidence when you can have a program do it in a
fraction of the time?” asks Larry Kanter, partner in charge of the
computer forensics practice of PricewaterhouseCoopers. “With changes in
the industry, with software that handles many of these forensic
applications, I’d guess that a number of CIOs at smaller companies will
handle this themselves.”

NTI’s Anderson disagrees, saying that so long as human beings sit on
juries, there will be a need for some degree of subjective
interpretation from real live people.

Whatever happens, many forensic experts are getting ready to fight
other fights. The first is political, and dozens of investigators are
lining up to help U.S. government officials review the recent
recommendations of the Committee of Experts on Crime in Cyber-Space, an
international coalition, for a treaty espousing increased computer
surveillance for law enforcement officials around the world. The second
skirmish is perhaps more immediate: With a new wave of tools and
techniques for computer criminals to crack into corporate networks,
government experts expect 2001 to bring more computer crime than ever
before and are working furiously to develop ways to stop it.

For some CIOs, this will require increased commitments to raising
awareness of the need for computer forensics, both inside their
organizations and out. For others, it has inspired a return to basic
forensic practices and a desire to enroll in classes to brush up on
their forensic skills. Schmidt, Microsoft’s CSO, says these trends are
only the beginning of major changes in the industry. And as more
computer crime cases make their way to the courts, lawyers continue to
establish precedents on which to build future arguments, preserving the
future for a science that can only grow in scope.

“Sure there are threats, but on the whole, I’d say that as this
industry hunkers down for the next big wave of crime, it’s also ready
for more technologists to embrace forensics on the whole,” says
Schmidt. “The more people in IT understand about forensics, the more
CIOs will jump aboard and start employing it. Will crime increase?
Perhaps. But if you’re a bad guy, look out, because the chances of
getting caught are about to increase tenfold.”


Matt  Villano,  a  freelance  writer  based  in  New  York 
City,  has  discovered  more  than  2  million  files  hidden 
on  his  hard  disk.  To  find  out  what  they  contain, 
e-mail  him  at  mjv@whalehead.com. 


FORENSICS  ON  THE  WEB 

To  learn  more  about  computer  forensics,  visit  these  websites. 

■ www.usdoj.gov/criminal/cybercrime

■ www.treas.gov/usss/index.htm?electronic_evidence.htm&l

■ www.epic.org

■ conventions.coe.int/treaty/en/projets/cybercrime.htm

For more on computer forensics, see "Building a Legacy" and "Take a
Bite Out of Crime," as well as the rest of our security coverage on our
website at CIO.com. Also check out our new security research center.


Viewpoint


Think  you  can  just  buy  an  off-the-rack  firewall  and  rest  easy? 
Think  again,  says  renowned  digital  security  expert  Mudge. 


BY MUDGE

TAKE THE DIME, ONE THIN DIME. What is it? Most people will see it as
part of the monetary system. That is, you use it to buy things. It can
also be a screwdriver, a very slender shim or a decision-making tool
(heads or tails?). Seeing it only as one-tenth of a dollar is an
example of functional fixation: the inability to see a use for
something other than its intended use.

Now take digital security, everything from firewalls to virus software
and the like. Corporate America sees these solutions as a magic elixir,
suitable for any environment. This is another unfortunate example of
functional fixation.

This fixation is a problem because off-the-rack digital security is of
limited value. Technically, an auditor could ask whether a corporation
had a firewall and consider his work complete. Would that same auditor
be doing his job if he had asked a bank if it had a vault and left it
there? Hardly—he’d ask more questions: Is the vault locked? Who has the
keys? What's stored in it? When and why is it opened? Substitute
“digital security” for “bank vault” and you’re starting to understand
the need for security customization.

A bank cannot claim to be diligently protecting its customers simply
because it possesses a safe. Similarly, the notion that installing a
commercially available firewall will instantly protect your company
from the vagabonds of the Internet is ludicrous. How can a business
address its unique security needs through third-party vendors that
don’t know its business? A library, an automotive manufacturer, a
financial institution and a telecommunications business each have
unique security requirements. If an automotive manufacturer adopted the
same security posture as a financial institution, it may be assuming an
inappropriate degree of risk, which could mean either too much or too
little. For example, a list of automotive dealers would not be as
sensitive as a list of savings account customers, and therefore not at
the same degree of risk and not worth the security investment.

Unfortunately, many CEOs and CIOs believe they have established
adequate security measures by simply deploying a firewall. When asked
if they have a firewall, they joyfully respond, “Yes!” The critical
follow-up question — “Is your firewall configured to map your business
model in risk mitigation?” — is seldom asked.

All  Risks  Are  Not  Created  Equal 

It makes good business sense to accept a modicum of risk, as long as
the potential rewards outweigh the overall risks. If you choose to take
larger risks, they should generate a higher potential yield. So how do
you go about assessing, prioritizing and minimizing risk?

Understanding your business is the first step. From this understanding,
you can determine what information is truly valuable. For a car maker,
it might be the designs and specifications for next year’s line of
vehicles; for a financial institution, it might be customer account and
transaction data; and for a telecommunications company, it might be
rate plan comparisons. Once you’ve correctly identified these crown
jewels, you can analyze how to best access, track and protect them.

The  next  step  is  to  measure  the  impact  of  various  risks  to 
your  business.  If  you  identify  risk,  but  cannot  determine  and 
prioritize  the  potential  impacts,  it  will  be  difficult  to  establish 
an  effective  and  efficient  plan  to  mitigate  those  risks. 

There are numerous tools available to help evaluate business risk. In
fact, the same mechanisms used for weighing business strategies often
translate quite effectively to measuring digital security. I use a
customized variant of a strategy analysis developed by Princeton,
N.J.-based consultancy Kepner-Tregoe to evaluate R&D efforts at @Stake,
the security services company where I work. This helps me weigh futures
and functionalities of certain technologies and better determine threat
analysis areas that need my team’s attention. We can then proactively
help define our client corporations’ technology and security curves.

Protecting  Frobnitz 

Here’s a look at how we might evaluate a technology for security risk
prior to deployment. We’ll look at a hypothetical infrastructure device
called Frobnitz. Let’s say Frobnitz is deployed across a corporation to
prioritize data transmissions on local networks based on whether or not
the data originated from a company executive. First, we must ask why
Frobnitz is being deployed in the first place. What are the business
goals? How does it fit into the corporation’s business model? Security
becomes more manageable when placed in the proper context.

The security solutions will be quite different if we consider two
hypothetical conditions. The first situation has the device used
internally by senior executives to improve network performance. In this
case, the overall benefit is minimal, so neither the risk posture nor
the expenditure to secure the device should be disproportionate. A
minimum need for security translates into nominal investment.

In the second scenario, the executives are performing business-critical
tasks like board meetings and strategic planning sessions between
headquarters and remote locations over the Internet and including
executives from other companies. Corporate secrets would be compromised
if a competitor broke into these communications. These examples show
that even a small, but dispersed user base offers an entry point into
the corporation’s infrastructure.

Now, the analysis might continue with questions like:

■ How is Frobnitz managed across the network?

■ Where is it deployed on the network?

■ What information can an attacker receive by watching this device?

■ What information can an attacker gain by analyzing network traffic?

■ What happens if the device is compromised or tricked?

■ How was the component designed?

■ How is it initially configured (how does it know who is an executive
and who isn’t)?

■ What is the most restrictive configuration that will still meet the
business need?

The next step in analyzing risk is to create attack scenarios around
each of these questions. We continue brainstorming risk mitigation
techniques and responses to threat questions relative to the amount of
risk they present to the company, as well as the likelihood of an
actual Frobnitz-related security breach. Armed with those conclusions,
we can research a customized security posture.

Ring in the Risk

Another useful risk evaluation tool is a variation of a ring analysis.
This starts with a particular “atomic point,” or item, and works
outward in rings of accessibility. Let’s use CIO as an example. The
core of CIO’s business could be viewed as its subscriber list; the
valuable, targeted group CIO presents to its advertisers. If a
competitor acquired this list, it could scoop up CIO’s readers,
offering them various enticements. The competitor could then present
itself to advertisers as the best means to reach those valued readers.
The subscriber list is therefore a crown jewel worthy of securing.

During a security analysis, you would want to define the people at CIO
who need access to the list in order to modify it, adding or
subtracting subscribers. You would also define read-only access for
certain employees, the areas from which employees can access this list,
and other interdependencies. All of these factors would have degrees of
risk and value attached to them.

Then we examine the core ring. How is the system running the source
database secured? The next ring of accessibility might be the local
network. Analysis of this ring should include determining how users are
authenticated and held accountable. Will a Web developer, HR manager
and salesperson all know how to treat the data in a secure and
consistent fashion? This may call for degrees of data classification.
At this point, it should become obvious how to configure the firewall,
network and host systems. This ring analysis method of risk assessment
and mitigation is most effective once you understand how the components
fit into the corporate model.

The idea of using the same procedures to define business risk analysis
and your company’s digital security infrastructure is long overdue.
Whether you use a ring, financial or actuarial analysis to determine
the appropriate security posture, there will undoubtedly be an
increased understanding throughout the company when the results are in.
Then, you will be able to truly maximize your returns against necessary
risks.


Mudge is vice president of research and development at Cambridge,
Mass.-based @Stake. Reach him at mudge@atstake.com.


THE MILLION-DOLLAR QUESTIONS

Try this simple exercise to help lead your company toward the goal of
maximizing value and minimizing risk.

What you’ll need:

■ a configured computer system about to be deployed on the corporate
network

■ a tech-savvy systems administrator

STEP 1. Have the systems administrator examine the system.

STEP 2. Ask the administrator if she can tell exactly what this system
is set up to do and which network leg it is going to or coming from.

STEP 3. Ask the administrator about the system’s functionality.

What can it do? Can it read mail? Is it a desktop system? Can it surf
the Web? What is it restricted from doing? Is it equipped with the
default operating system or has it been modified for a particular
purpose?

If the administrator is unable to provide a clear answer for Step 2 or
3—this system may be anything from a desktop system for someone
checking his bank account to the corporate database server or mail
relay—then you are accepting unnecessary risk. The system has to be
configured to mirror the business model. Furthermore, you will not be
realizing all possible rewards, you'll be throwing away performance and
introducing a tendency toward chaos during future growth. -Mudge
Envera CTO Mike Giesler got a warm reception from his industry peers to
the idea of a subscription-based online chemical exchange.

E-Commerce Strategies


Envera aims to provide an electronic link between chemical companies
and their customers. Sounds simple, but why should the XML-based
platform succeed where EDI failed?


BY  LAUREN  GIBBONS  PAUL 


A dirty little secret exists in industry today: In this age of
e-business, most business is not electronic at all. Most businesspeople
still buy and sell goods via methods that have been around for decades.
They write a contract and shake hands. They pick up the phone and send
a fax. The truly enlightened might communicate via e-mail. This is
particularly true in the $507 billion North American chemical industry,
where most companies have longstanding, contractual relationships with
their suppliers. That’s why the founders of Envera, a Richmond,
Va.-based startup, think their idea of providing an electronic hub
through which chemical companies can forge links with each other will
strike a chord in the industry.


Reader  ROI 

►  Discover  the  advantages 
of  connecting  to  partners 
in  your  industry  via  a 
third-party  platform 

►  Understand  the  major 
obstacles  facing  electronic 
exchanges 
Consider a typical transaction: After a bidding process, chemical
companies generally enter into annual contracts to buy a certain
quantity of chemicals at a certain price from a certain partner. A
purchasing agent from the buyer then calls the seller’s toll-free
number to confirm price and quantity and schedule the shipment of an
order. The seller’s representative keys the order into his company’s
system — perhaps making an error or two — and then faxes back the order
acknowledgment. The method works, but it is hugely expensive. All told,
it costs between $50 and $100 to process a single order.

Clearly, the way chemical companies conduct transactions is in need of
an overhaul. The question remains whether a marketplace such as
Envera — using XML as the linchpin — can provide the answer.

Looking for an Easier Way

Chemical companies have long searched for a way to automate the
procurement of production goods. Twenty years ago, many pinned their
hopes on electronic data interchange (EDI), which had been used
successfully in the automotive industry, but that effort failed to
catch on in the chemical industry for lack of standards. Along came the
Internet. At the end of the ’90s, companies such as Ethyl began to
build Web-based connections to many of their best customers. Using
these private, company-to-company connections, the partners could
obtain order information, submit orders, and find information on
product descriptions and shipping details. The problem was, each
connection took months and hundreds of thousands of dollars to build.
There was no way companies could afford to create a one-to-one
connection for each of their suppliers. Bob Mooney, then chief
financial officer at Ethyl in Richmond, Va., an $843.7 million maker of
petroleum additives, remembers thinking that a better way to go would
be to create a central platform — an electronic clearinghouse or hub —
that would link chemical companies’ back-end systems with those of all
their suppliers. The hub would translate business documents such as a
purchase order from a company’s ERP system into standard XML data and
send it to the partner, where it would be translated into the format
preferred by the partner’s ERP system. Having a centralized electronic
hub would eliminate the need for companies to forge individual
connections to every trading partner, in theory saving loads of time
and money.

Last March, Mooney, Mike Giesler, then Ethyl’s CIO, and two other cofounders began knocking on colleagues’ doors, talking about creating an electronic hub for the chemical industry they called Envera (roughly translated from Latin, envera means “in truth”). Envera would differ from other electronic trading exchanges that were then making headlines, such as the chemical industry’s CheMatch.com and the auto industry’s Covisint, in that it would not attempt to match sellers with buyers. Rather, it would serve only as an electronic platform on which already-established business partners could conduct their transactions. Envera would not take a piece of each transaction that it hosted but instead would charge members an annual subscription fee
of between $5,000 and $300,000, depending on company size. Mooney and Giesler
got a warm reception from their peers, snagging funding from 11 companies. Things moved quickly after that. Giesler and Mooney left Ethyl in July and by the end of the summer Envera had hammered out XML document definitions for eight basic business processes in conjunction with an industry standards group. By the fall, the initial phase of Envera was up and running, with partners such as Lubrizol and Occidental Chemical beginning to conduct business online. To date, only a tiny number of transactions have taken place on Envera. Giesler expects business to jump once Envera’s 40 trading partners come online this spring.

Mooney, now president of Envera, likes to say Envera is “business for business” as opposed to the ubiquitous “business-to-business.” The theory is that companies of all sizes can come together on Envera without fear that the e-hub benefits only the largest companies. “The early exchanges were dominated by the big players. A lot of smaller companies were afraid [the large companies] would get together and try to drive down prices. Our philosophy is that this is a neutral site for all the other businesses, and the benefits get passed down to all members,” says Giesler, now Envera’s chief technology officer. Envera’s second phase, which launched in January, added links to service providers, among them two trucking companies and one rail company to move products traded on its exchange. By banding together, Envera members will be able to negotiate discounted prices on services, according to Giesler. Envera also plans to add services such as data warehouse capabilities and management of subscribers’ material safety data sheets, a legal requirement for chemical companies.

Cautious Optimism

Just because Envera has made it out of the starting gate is hardly a guarantee of its eventual success. Like all electronic trading exchanges and hubs, Envera faces enormous obstacles (see “Due Diligence,” this page). For starters, it has new competition: a similar online exchange for the chemical industry dubbed Elemica. Elemica, a Philadelphia-based e-marketplace that went online in a test phase this past January, is also based on an XML platform, and it is backed by 22 of the largest chemical companies, including BASF, Dow Chemical and DuPont. With Elemica in the picture, Envera may find it harder to sign up more companies as subscribers. Whether Envera can grow beyond its initial image as an extension of Ethyl presents another challenge. The e-hub will succeed only if industry companies see it as a neutral platform that exists for the benefit of all companies. The fact that the nine Envera owners are also its users could become a problem down the road.

Despite the uncertainty surrounding electronic exchanges, Envera has earned modest praise from some industry watchers. The chemical industry already has its share of trading exchanges, such as CheMatch.com and ChemConnect, that seek to match up buyers and sellers for spot buys of excess inventory. Emphasizing connectivity between established business partners is a fresh approach, according to Leif Eriksen, research director for AMR Research in Boston. Envera’s strategy requires a great deal of independence, however.

“No [single] company must be allowed to dominate the platform,” says Eriksen. If the balance of power were to tip in favor of one member company, fewer and fewer companies would use the hub, perceiving it to benefit the dominating company. That’s always a danger, given that the four founders came from Ethyl, and Envera is located in Ethyl’s hometown of Richmond. Mooney doesn’t believe it’s likely Ethyl will dominate, since it is the smallest company so far to invest in Envera. “There’s no way from a business point of view that Ethyl will have too much influence,” he says. “None of the partners can invest beyond a certain level. And each equity partner has one vote on the board.”

So far, the strategy is working, says Eriksen, who cited Envera’s quick launch with a minimum of interference from its board members as proof. But hard choices lie ahead, and corporate governance can get ugly very quickly. Eriksen believes Envera will have to go public one day or bring in capital from disinterested third-party investors if it is to succeed long term because there is too much of a chance that the equity investors will use their voting power to make decisions that benefit them at the expense of the community platform. For example, Envera may need to spend a lot more money in the coming years sprucing up the platform’s capabilities in order to attract more participants. But if the equity partners are satisfied with Envera as is and decline to invest more money, that could hurt the hub’s chances of acceptance in the industry as a whole. “To be truly independent, you can’t have owners that are users,” says Eriksen.

Due Diligence

What not to do before investing in an exchange or consortium

■ DON’T buy into the theory that electronic exchanges will enable a level of commerce never before seen by mankind. Despite the hype, no exchange will receive 100 percent of the spending in its industry.

■ DON’T believe exchanges will enable you to analyze all your data in one place. Since you won’t ever do all your transactions on one exchange, data will reside in different locations.

■ DON’T get involved unless the exchange has a clear (and we mean clear) path to profitability. The exchange has no hope of survival without it.

■ DON’T invest money in an exchange without first finding out if you’ll have to commit to a second round.

-L.G. Paul

Others are not convinced that Envera is pursuing the right strategy. John Moore, vice president at ARC Advisory Group in Dedham, Mass., says the funding model practiced by ChemConnect is preferable. “Envera has an open equity situation — take one, take all,” he says. “How do you rotate the board when there are more investors? They don’t seem to have that very well thought out.” ChemConnect’s 31 equity partners have no voting rights, something that Moore thinks is in the best interest of the exchange. Giesler acknowledges that these are legitimate concerns and says Envera is working toward converting its board to be 100 percent independent. This may prove difficult or impossible to do. “I don’t know that they can go back now and try to take away the investors’ votes,” says Moore.

AMR’s Eriksen has been watching Envera since its inception and believes it is further along than any other e-hub in its space. “I tend to be very skeptical about exchanges, but what they have done is much more, much faster than anyone else has. They’re the leaders in this industry,” he says. For Eriksen, however, corporate governance issues remain the huge dark cloud on the horizon — for all consortium trading exchanges, including Envera.

Where huge companies come together, governance gets awfully hazy, and it’s tough to get even simple things done, never mind tackle hard issues like industry standards. With its three CEOs, the auto industry’s Covisint is a case in point: Envera got up and running before Covisint, which was announced more than a year earlier.

The XML Question

The fate of XML is an especially big question. The standard markup language represents a breakthrough in one sense by giving companies a common language to use to transmit data over the Internet. This is a huge advantage over EDI, which requires participants to rent bandwidth on a costly private network. EDI failed to take hold in the chemical industry, unlike in the auto industry, for at least two reasons. First, chemical sales tend to be large on average (about $20,000) and often require more oversight than EDI allowed. Second, there were so many interested parties given the chemical industry’s fragmentation that it was nearly impossible to agree on data standards. The Chemical Industry Data Exchange (CIDX) was formed in the late 1980s to work on the issue but was unable to garner enough clout to make a difference. “The standards they arrived at were lots of standards, which is effectively no standards,” recalls Mason Moore, vice president of technology of Envera.

But just providing a standard language is not enough — syntax is needed too. For XML to be truly useful requires the definition of standard documents, such as a purchase order, to be used within the industry. And once those business documents have been defined, they must be widely adopted. In the chemical industry — as everywhere — multiple groups with multiple agendas are pursuing multiple standards. Envera has made quick progress on its eight initial XML documents, but a potential battle looms with competitor Elemica.

XML has an obvious advantage over EDI in that it leverages existing infrastructure (such as the Internet) and is therefore not expensive to adopt. And it does have some technical advantages. “In XML everything is defined by tags, and you can extend the document by adding more tags,” says Envera’s Moore. “Two partners can agree to a specific extension of a purchase order. That gives much more flexibility. You can also drop an XML stream on a piece of paper and read it. That’s not true for EDI,” which is only machine readable. But in the standards department, XML is no different from EDI. “There’s no guarantee that it will succeed. It will face the same problems EDI did,” says Eriksen.

“EDI was not a smashing success in the chemical industry because we did not come together around standards. We’re trying to learn a lesson from that,” says Johnnie Foster, vice president and CIO of Solutia, a $2.8 billion chemical manufacturer in St. Louis. Solutia invested “several million” in Envera in part because it believes in XML’s potential to succeed where EDI failed.

This time around, there are hopeful signs. Envera has agreed to share its eight initial XML document definitions for use with CEDX for use by any company in the industry. However, the ability of competitors to coalesce around standards was immediately tested when Elemica announced last summer that it too was working on XML document definitions for a purchase order and an order acknowledgment, among others. Representatives from Envera and Elemica gathered around the bargaining table and hammered out common definitions for the good of all. For their part, Mooney and Giesler say they’ll do what’s necessary to work out a common standard or arrange for Envera to map to different standards, as needed.

But one wonders how long the congenial atmosphere will last. It’s hard to cooperate when others fail to follow suit. Chuck Gruber, vice president of Elemica, emphasized that his group worked with CIDX, not Envera, on the initial documents. “We feel working with [Envera] would dilute the concept of what we’re trying to do,” he says. So, in effect, Elemica and Envera are working at cross-purposes, at least as far as Gruber is concerned. That’s bad news for the industry as a whole, especially since the Federal Trade Commission has said that it will look especially closely at any proposed trading exchange that attempts to limit interoperability with other exchanges.


Trouble in Paradise

According to AMR Research analyst Bruce Richardson, at least 7 major challenges face consortium trading exchanges (CTEs) like Envera:

Premature promises of functionality. Most exchange operators are too optimistic about delivery dates for functionality. CTEs often make promises before writing any code — even before selecting a technology platform. For at least the next two years, CTEs will have difficulty delivering more than auction, spot-buy and excess-inventory services.

Lack of consensus about where functionality should reside. The debate still rages about whether applications should stay proprietary and behind the wall or nonproprietary and in front of the firewall. That must be settled.

Need to budget for the total cost of the exchange. The cost of developing a consortium trading exchange is in the $250 million to $500 million range, depending on a variety of factors. Few participants have an accurate handle on the time and expense required to integrate their existing systems into the trading exchange.

Competition. Envera faces competition from other emerging XML-based exchanges like Elemica and existing trading exchanges like CheMatch.com.

Supplier recruitment, participation and integration. Many suppliers are skeptical of win-win promises. They view CTEs as an e-squeeze that will cut into profit margins or turn their products into commodities.

Marketplace-to-marketplace integration. While few CTEs are operational as anything more than auctions, major software providers are already talking about marketplace-to-marketplace integration. The functionality has yet to be stress-tested for homogeneous exchanges, and it is years away from use among heterogeneous exchanges.

Political infighting. Politics will play out within CTEs, to their detriment. Problems can arise when the CEO or board makes the membership decision without consulting those responsible for ensuring the success of the investment.

-L.G. Paul

Private Versus Public

Even if XML works like a charm, Envera may have a hard sell on its hands, at least when it comes to convincing companies to shift the majority of their transactions its way. Although it never adopted EDI to any great degree, Occidental Chemical (OxyChem), a $3 billion chemical manufacturer, saw the benefits of linking electronically to its partners. More than a year ago, OxyChem’s Oxy Vinyl division built an ERP-to-ERP connection to PolyOne Corp. (then called Geon Co.), one of its largest customers. “As a result, all the resin products that Oxy Vinyl supplies to PolyOne are hands-free, with no human intervention,” says Charles Clark, former vice president of e-business for OxyChem in Dallas. “We saw significant value in terms of increased efficiency of operations. We’ve reduced the amount of inventory we were carrying.”

But, much like the experience at Ethyl, Clark couldn’t imagine building what amounts to a private exchange for every one of its customers, only for the cream of the crop. “We were looking for a one-to-many solution where the idea is you connect only once,” he says. OxyChem was one of Envera’s first equity partners. The $4 million investment OxyChem made in Envera was easy to justify for a company of its size, according to Clark.

Clark likes what he has seen so far from Envera. But he doesn’t expect the platform will supplant all of OxyChem’s other ways of doing business. In the next five years, Clark hopes, up to 40 percent of OxyChem’s transactions will go through Envera. The rest will be homegrown private exchanges like the one OxyChem built with PolyOne, EDI and good old-fashioned techniques like phone and fax.

That a huge corporation like OxyChem will continue to endure the pain and effort of creating private exchanges with its most prized customers does not surprise ARC’s Moore. “None of these marketplaces will ever get 100 percent of the spend,” he says. “[Electronic exchanges] all have grand dreams of being able to take over all of their transactions for all their partners. It won’t happen. Some companies may not want their most sensitive purchases logged on an online marketplace — no matter how bulletproof the promised security measures.” Even DaimlerChrysler is setting up an exchange — separate from Covisint — to source its strategic goods, according to Moore. An AMR Research report estimates that as much as 75 percent of the consortium revenue opportunity over the next two years could go to private exchanges that leverage the Internet.

For the moment, at least, Envera can be forgiven for savoring the fact that it has done what it promised in this early phase, which is uncommon in the exchange arena. “We set our goals and made our business plan. These haven’t changed. We want to earn our trading members’ trust,” says Mooney.


Let us know what you think of electronic exchanges at letters@cio.com. Lauren Gibbons Paul is a freelance writer in Waban, Mass. Send her an e-mail at laurenpaul@mediaone.net.

E-Government


Federal agency CIOs could save you billions through supply chain automation. They don't.


MaryAnn Guerra, deputy director for management with the National Cancer Institute (NCI), is in charge of making sure the agency runs smoothly so that its scientists can get on with finding a cancer cure. One of the scientists’ requirements? Getting new microscopes when they need them.

In 1994, Guerra was getting lots of complaints that this basic equipment was taking too long to acquire. At the time, she was cochair of a committee that was looking into ways NCI could improve its efficiency. The scientists on the committee identified procurement as their number-one problem. Not only were they frustrated by how long it took purchasing agents to get them their tools, they thought the old-fashioned, paper-intensive procurement process cost too much. The scientists knew the emerging Internet could be used for purchasing, that it would be faster and that it would save money — money that could be used to fight cancer. They asked Guerra to make it happen.

She did. Guerra’s committee held a competition that led to a partnership with a small private company, Cybersystems Technologies of Towson, Md., to develop an electronic catalog, ordering and accounting system. The IntraMall was born. But after two years of work preparing the site, almost nobody shopped. Only 147 orders were placed through the IntraMall in its first six months of operation. It wasn’t until Guerra made using the site mandatory for the buyers who reported to her that traffic reached critical mass. Last year, with buyers from other groups in the National Institutes of Health (NIH), NCI’s parent agency, also using it, IntraMall logged 12,000 orders and saved more than 90 percent on each transaction.

Online purchasing has already saved taxpayers between $6 million and $8 million, but that’s a drop in the bucket when you consider that last year the IntraMall handled less than half a percent of the $1 billion NIH spends annually on lab equipment. If all such orders were made online, the government could save an estimated $100 million. And Guerra says now that the integration to the NIH financial systems is almost complete, NIH expects to save even more money and cut out more paperwork. Guerra’s e-commerce efforts are being replicated in every federal agency as government CIOs attempt to reap the benefits of supply chain integration. Gartner estimates that the government could save taxpayers a whopping $2 billion annually just by making routine purchases online. That’s at least on par with what leading private companies save on the same types of transactions. (See “Four Strategies,” CIO, Oct. 1, 2000.)

Yet most federal agencies are still treating e-commerce as a set of one-off projects, rather than as a comprehensive strategy to automate their supply chain the way private companies are doing. The government spends $200 billion on goods and services every year — more money than General Motors, the largest company in the Fortune 500, collects in revenues. But it still conducts all but 5 percent of its transactions using paper and the telephone, according to Gartner. The government doesn’t even track in any systematic way how much it spends or how many bills it pays online.

With the potential to save billions just a virtual mouse-click away, why is the government still buying the old-fashioned way? Maybe because nobody is holding a gun to its head. Corporations have to watch the bottom line, but government agencies don’t get punished financially for not saving money. “There’s no one in charge of better, cheaper, faster,” says George Molaski, CIO with the U.S. Department of Transportation (DOT), and cochair of the e-gov committee of the federal CIO council. “That’s the crying need of government.”

Off to a Good Start

The feds’ adoption of e-commerce started the way most government initiatives do: with a study. In 1993, a report by the National Performance Review, an effort to improve government management led by former Vice President Al Gore, said that by consolidating their purchases, agencies could save money through greater volume discounts and simpler administrative practices. Government IT executives concluded they could accomplish those goals through e-commerce. The next year, the Federal Acquisition Streamlining Act, which simplified government procurement rules, mandated agencies to do more business online using a network solution called the Federal Acquisition Computer Network (FACNET). This mandate was short-lived. The Internet rendered FACNET obsolete, and Congress eliminated the requirement to use it in 1995, leaving no legislation to further coax agencies into electronic-purchasing land.

Congress did give e-commerce many champions. The Clinger-Cohen Act of 1996 created CIO positions at each major U.S. department. The law put CIOs at the executive table, with the idea that each department would use IT more like private companies. CIOs promoted e-commerce by building new purchasing systems, like NCI’s IntraMall, which use online catalogs from preferred suppliers and can process credit card orders.

Steven Kelman, a professor at Harvard University’s Kennedy School of Government, was head of the Office of Federal Procurement Policy from 1993 to 1997, when agencies made their first forays into e-commerce. He says agencies automated this front end of the procurement process at the same pace as the private sector. But agencies are falling behind as they try to link online order processing to their financial and inventory management systems — and capture the huge payoff from supply chain automation. Many private sector companies haven’t cracked this nut yet, either, says Kelman, but agencies are at a disadvantage because their back-office systems are older and harder to upgrade.

146 CIO MARCH 1, 2001 • www.cio.com

George Molaski, CIO, U.S. Department of Transportation: Managers in government are not rewarded for implementing “better, cheaper, faster.”

Losing Momentum

Molaski says the reason agencies have trouble keeping up is that they can’t get Congress and many department executives to give sustained attention to e-commerce. The DOT, which is made up of 14 agencies, including the Federal Aviation Administration and the Coast Guard, has deployed three new purchasing systems since 1995. The department buyers regularly use credit cards for routine purchases, saving $43.2 million in 1999. But even though its official policy is to buy online, not everyone subscribes to it. Two agencies, the Federal Railroad Administration, which has an $870 million budget, and the National Highway and Traffic Safety Administration, which has a nearly $390 million budget, aren’t yet using one of the purchasing systems. And the DOT isn’t keeping track of how much it buys through electronic methods.


Molaski  wants  help.  He  blames  Congress  for  not  giving  his 
department’s  managers  bonuses  if  they  save  money,  and  he  thinks  the 
same  problem  plagues  other  agencies.  “We  need  a  kick,”  he  says. 
“Managers  in  industry  are  rewarded  for  implementing  better, 
cheaper,  faster;  managers  in  government  are  not,”  he  says.  Most 
top  government  executives  are  political  appointees  who  are  judged 
instead on the success of their public policies. If agencies could set
up objectives, like speedier transactions or streamlined procedures,
and  be  rewarded  for  meeting  them,  electronic  purchasing  could  be 
the  rule,  rather  than  the  exception,  Molaski  says. 

David Litman, a civil servant who is the department’s senior procurement
executive, says political leaders would rather fund projects
to improve transportation safety than fund ones for internal
efficiency. While he didn’t offer a specific example, he notes that the
DOT  built  three  purchasing  systems  because  Congress  wouldn’t  fund 
a  project  to  build  only  one  that  every  division  could  use.  Left  to  its 
own  devices,  each  unit  had  to  decide  how  much  of  its  budget,  which 
is,  by  law,  under  its  own  control,  to  invest  in  e-commerce.  “For 
smaller  agencies,  they  have  to  look  at  what  the  investment  means 
for  them,”  he  says,  and  they  don’t  always  conclude  it’s  worth  the 
money.  Meanwhile,  Litman  says  it’s  taking  time  to  get  buyers — 
whose  work  he  does  not  directly  supervise — to  use  the  new  systems 
because  they’re  reluctant  to  change  their  work  routines. 

Some  analysts  think  a  head  federal  CIO,  a  position  endorsed  by 
President  Bush  and  congressional  Democrats,  could  pave  the  way  for 
agencies  to  pursue  the  full  benefits  of  e-commerce.  (See  “Hail  to  the 
Chief... Information  Officer,”  CIO,  Oct.  15,  2000.)  Rishi  Sood,  a 
principal  analyst  with  Gartner  Dataquest  in  San  Jose,  Calif.,  says 
state  and  local  government  agencies  are  ahead  of  the  feds  in  supply 
chain  automation  because  their  efforts  are  better  coordinated.  “At 
the  federal  level,  agencies  are  putting  in  systems  irrespective  of  one 
another,”  says  Sood.  “There  needs  to  be  a  person  who  tries  to  set  a 
strategic  plan  so  that  people  abide  by  it  and  do  it  together.”  Jeremy 
Sharrard,  an  associate  analyst  at  Forrester  Research,  doubts  a  head 
CIO could coordinate the 1,200 federal agencies. Still, he says, federal
agencies “need to streamline and realize volume discounts.
Someone  at  the  helm  to  steer  might  be  an  answer.” 

No One in the Driver’s Seat

The  Department  of  Defense  (DOD)  is  a  good  example  of  an  agency 
that  hasn’t  been  able  to  execute  a  strategic  plan  for  e-commerce.  A 
report  last  July  by  the  General  Accounting  Office  (GAO)  said  DOD 
officials  in  charge  of  the  department’s  e-commerce  strategy  had  yet  to 
draft  a  plan  acceptable  to  all  the  military  services  and  agencies.  Such 
a  plan,  the  GAO  noted,  would  allow  agencies  to  share  e-commerce 
systems, which, to date, they have developed independently. Furthermore,
the GAO said, the DOD CIO wasn’t clearly in charge of
e-commerce,  which  made  it  hard  for  him  to  command  the  rest  of 
the  department  to  go  along  with  these  projects. 

The  GAO  noted  that  the  DOD  has  made  progress  toward  its  goal 
of  paperless  procurement.  In  fiscal  1999,  buyers  used  credit  cards  to 
make  more  than  90  percent  of  purchases  costing 
$2,500  or  less  (the  limit  allowed  under  law).  But 
the  report  noted  there  are  no  reliable  estimates 
of  cost  savings,  partly  because  the  Defense 
Finance  and  Accounting  Service,  which  pays  the 
bills,  didn’t  start  keeping  track  of  how  many 
fewer  paper  invoices  it  has  to  process  until  1998. 

For more complicated transactions, the DOD is issuing nearly all of its
solicitations and collecting bids electronically. But the same success
isn’t evident at the back end. As of December 1999, the report said, the
DOD was handling paper invoices and cutting checks for 36 percent of its
transactions. The DOD could be saving even more up front by making more
routine purchases through its E-Mall, a set of online catalogs offering
military and commercial products, like uniforms and office supplies. In
1999, only $2 million worth of goods were purchased through the E-Mall — a
tiny portion of the more than $4 billion market the DOD anticipated. (The
DOD counts these purchases differently and reported $150 million in
E-Mall sales out of $6 billion bought with credit cards last year.) The
idea of the mall is to reduce the cost of supplies through volume
discounts from preferred vendors — just like private companies do. But at
the time of the report, the DOD hadn’t established many contracts with
suppliers. The E-Mall also wasn’t reporting accounting and product demand
data to the business managers making the purchases, which, the GAO
said, diminished its use, and its benefits hadn’t been quantified.

Arthur Money, DOD CIO, concedes the E-Mall numbers are still
low. But he looks at the overall e-commerce picture and sees
improvement. “Two years ago,” he says, “the automation of payments
was  close  to  nonexistent — other  than  the  issuing  of  paychecks. 
[Buying  with]  credit  cards  started  slow,  then  most  purchasers  gained 
confidence  and  that’s  becoming  more  commonplace  every  day.”  He 
says  the  Army,  Navy  and  Air  Force  are  working  together  to  build 
integrated  purchasing,  financial  and  inventory  systems. 

That’s  overstating  the  services’  collaboration,  says  Christopher 
Baum,  vice  president  for  electronic  government  with  Gartner.  “The 
words  working  together  give  you  the  idea  that  they’re  walking  hand 
in  hand  through  fields.  It’s  more  like  they’re  chained  at  the  wrist,  being 
chased  through  the  woods,”  Baum  says. 

Stan  Soloway,  who  was  the  department’s  deputy  undersecretary  for 
acquisition  reform  until  January,  when  he  became  president  of  the 
Professional  Services  Council,  an  industry  group,  says  there’s  no  doubt 
the  DOD  has  made  progress.  “I’m  equally  certain  taking  advantage 
of e-commerce involves all the departments operating together but
differently from the way they have historically,” he says. “Implementing
successful e-commerce requires everyone — finance,
contractors, IT, procurement — to work together.”

Integration  Frustration 

Government officials say they also face special technical problems.
Until recently, e-commerce software like that offered by Ariba and
Commerce One required extensive customization to incorporate procurement
practices that are unique to government, like audit trails that provide
public accountability as to why a particular vendor’s bid was accepted.
Early software products were hard to integrate with the agencies’
financial systems, which support government-specific accounting rules.
“I don’t think [vendors] fully understood public sector purchasing,” says
Forrester’s Sharrard. “At first, I think these companies were only
talking cost savings; the government wasn’t interested.”

But even when software supports the agencies’ requirements, it doesn’t
integrate easily with older, back-end systems. “I look at those
solutions, and they put me in the business of being a system
integrator,” says Litman. “We need a product where they integrate it all
without me having to do it.”

Litman notes that the DOT tried unsuccessfully to link its new
purchasing systems to the old financial systems. It didn’t work, and now
the department is installing a new financial system. Supply chain
integration was an impetus for buying the new financial system, he says.

Meanwhile,  Guerra  has  been  working  with  NIH  CIO  Alan  Graeff  to 
expand  the  IntraMall’s  capabilities  to  include  purchases  that  require 
more  approvals  than  the  credit  card  purchases  it  currently  handles. 
One option is to build payment applications into the existing IntraMall,
another is to buy a new system that includes purchasing and financial
functions. A new system could take at least a year to redesign all that the
agency has done on the IntraMall, Guerra says. “We could have an
integrated IntraMall system up and running in six to nine months.” Graeff
was unavailable for an interview.


Now  What? 

Clearly, the federal government has to do much more to make
e-commerce the rule rather than the exception. CIOs say they
believe full supply chain automation offers government the same
bottom-line benefits as it does the private sector. The billions they
would save could be used — depending on your political philosophy — to
cut taxes or spend more money on government programs. The question is
whether political leaders who set agencies’ priorities and the rank and
file who would have to use new systems will start giving e-commerce
more than lip service.

Guerra  likens  the  impact  of  supply-chain  integration  to  the 
days  when  PCs  landed  on  everyone’s  desk.  “Everyone  asked 
themselves,  ‘Is  this  really  a  benefit?  I  have  to  change  everything. 
Do  I  want  to?’”  she  says.  “From  a  business  perspective,  it  was 
the  right  thing  to  do,  but  that  doesn’t  mean  it’s  easy.” 

Can  they  succeed? 

“I don’t think they have any choice,” says Soloway.

What do you think? Send your ideas for how government can reap the
benefits of supply chain automation to Senior Editor Elana Varon at
evaron@cio.com. Freelance Writer Rebecca Lynch can be reached at
peachymama@aol.com.


Arthur Money, CIO, U.S. Department of Defense: Buying with credit cards is becoming commonplace at the DOD.
NAPSTER MAY be in trouble, but the same technology that has recording
industry executives quaking in their Gucci loafers may yet find a
home in corporate networks. “Peer to peer is here,” says John Wollman,
senior vice president of solutions at Alliance Consulting. Alliance, a
New York City-based IT consultancy, is using peer-to-peer (P2P)
technology to tie its employees and customers together more tightly than
traditional technologies ever allowed.

Thanks to a highly efficient network architecture — plus a ton of
hype — P2P is capturing the attention of a growing number of CIOs. P2P
technology allows every server and workstation on a network to act as
servers to all other users. This means that individuals on a P2P network
can freely share information and resources, such as applications, files
and storage devices, providing an unprecedented degree of
collaboration — or intimacy, as Wollman describes it.

But is P2P all that it’s cracked up to be? Maybe, says James C. Smith,
a senior analyst at the Hurwitz Group, a technology market research
company in Framingham, Mass. “P2P builds on the Internet viewpoint of
decentralized information access, so it’s hard to argue against an
approach that’s been so phenomenally successful,” he says. Using
millions of servers worldwide, the Internet has made information access
easy and ubiquitous from almost anywhere. On the other hand, P2P comes
with some heavy baggage, including performance, management, security and
legal concerns. “What remains to be seen is whether the advantages will
overwhelm the drawbacks or vice versa,” says Smith.

Affinity to Infinity

Perhaps the biggest benefit P2P provides is easy, direct access to
information. By using P2P to create an “affinity community,” an
organization can allow employees and other interested parties to share a
wide array of files on marketing, technical documents and other key
matters. In such an environment, individuals can not only view content
but also move the information from a peer system to their own
workstations (in the same way a Napster user can download a song from a
fellow user’s PC). “If you trade a lot of information from desk to desk
this could be good for you,” says Malcolm Maclachlan, media e-commerce
analyst at IDC, a technology research company (and sister company to
CIO’s publisher, CXO Media) in Framingham, Mass. “P2P can be a
particularly useful tool for organizations that have widely dispersed
employees and clients.”

After testing a P2P network for about seven months, Wollman is convinced
that the technology is a good investment. Alliance is using P2P
technology developed by Groove Networks, a Beverly, Mass.-based P2P
software developer founded by Lotus Notes creator Ray Ozzie, to
interconnect onsite workers and external employees and clients. (Other
major P2P technology vendors include Gonesilent, Pointera, Roku and
uRoam.) “Previously, we relied heavily on e-mail, fax and phone calls,”
says Wollman. Now, he notes, network users have open access to files,
proposal development, job tracking and product management, all of which
add up to “general meeting avoidance.” “With peer to peer we can
collaborate more closely on projects, which leads to a very high degree
of customer intimacy,” says Wollman.

And outside of a few glitches related to moving P2P data across a
corporate firewall — fixed by making a few configuration changes —
Wollman says the technology has worked flawlessly. “Nothing scary has
happened to us,” he says. “Stability, performance and scalability
haven’t been problems.”

Distributing  the  Wealth 

Distributed computing is another powerful P2P capability. P2P’s resource
sharing capability allows organizations to take computers that are
sitting idle or wasting processing cycles on screen savers and
consolidate them into a virtual supercomputer. Seti@Home uses this
technique to search for extraterrestrial life by tapping more than
2 million computer users to analyze radio signals gathered by the Arecibo
Observatory in Puerto Rico. (See “Waste Not Want Not,” CIO, Aug. 1, 2000.)
Businesses can use the same approach to tackle an array of
processor-intensive tasks, ranging from analyzing flu viruses to
developing complex financial models.


COM-ing Unix

The Open Group has announced the release of COMsource 1.1, an
open-systems, Unix-based implementation of Microsoft’s Component Object
Model (COM) middleware product for Windows. With the product, developers
can create COM-enabled applications on Unix or port their existing
Windows-based COM applications to Unix. The 1.1 version now includes
support for Windows 2000, as well as Windows NT 4.0 service packs 4, 5
and 6. Customers can also purchase a support and maintenance service
contract for assistance in using the product. Pricing begins at $7,000.
For more information, visit www.opengroup.org or call 650 323-7992.


Keyboard Comfort

Anyone suffering from aching wrists should investigate the new Evolution
Keyboard series from Kinesis. Each half of the asymmetrically split
keyboard can be adjusted for tilt, height and rotation, allowing for
users to configure the keyboard for optimum comfort. Keyboards also
include integrated touchpads, eliminating the need to reach for a mouse.
Finally, some models include a track that attaches under a user’s desk,
allowing for quick, out-of-the-way storage.

Intel has been using a P2P network for distributed computing since the
early 1990s. The architecture allows the company’s California chip
designers, for example, to take advantage of the abundant computing
power that’s available on their Israeli colleagues’ systems when it’s
nighttime in the Middle East. According to Intel, the technology has
helped the company boost the overall use of its computing resources from
35 percent to 80 percent during the past decade, saving the chip maker
nearly a half-billion dollars. “P2P helps organizations acquire more
computing power without buying expensive new hardware,” says Patrick P.
Gelsinger, vice president and chief technology officer of Intel’s
architecture group in Beaverton, Ore. “It lets you better use what you
already have.”

Few companies have the internal computing resources of an Intel, so
companies such as Entropia, Popular Power and United Devices have arrived
to provide the software and services that allow organizations to harness
the underlying computer power of everyday Web surfers. “Users can donate
their spare computer time to an altruistic endeavor or sell or barter
time for a commercial project,” says IDC’s Maclachlan.

Peer to There

Critics warn, however, that the technology shouldn’t be viewed as a
magic bullet. “P2P is a raw technology that has a way to go before it can
enter the mainstream,” says Hurwitz’s Smith. “As CIOs know, early
adopters often pay a high price for their boldness.”

Network performance is one area where P2P can fail to live up to its
promise. As more people access a P2P network, the increasing traffic can
bump up against individual machines that are hobbled by slow Net
connections or processors. Maclachlan says the ripple effects from these
roadblocks can degrade network performance. “You want to be careful who
you invite on to your P2P network for this as well as security reasons,”
he says.


P2P’s inherent lack of security and privacy looms as the technology’s
biggest pitfall, says Neil Ward-Dutton, a principal consultant at Ovum, a
London-based technology research company. “The idea of running others’
work through your PC, and vice versa, may not be welcome in a business
environment,” he says. Ward-Dutton is also concerned that the wide-open
P2P architecture could prove to be a ripe breeding ground for viruses.
“You can restrict the system so that you can only read files and not
write to anything, but then you restrict much of P2P’s advantage,” he
says.

System administration can also be a nightmare, says Maclachlan. “As an
administrator, how can you keep track of versions and authorization
levels if everybody is accessing different versions from other network
users?” There’s also the problem of users distributing unlicensed or
illegal content (child pornography, for example). “Monitoring this
activity is virtually impossible, and its existence could leave
organizations open to lawsuits and legal charges,” says Maclachlan.

P2P vendors are aware of the issues, and many are working to create
solutions. Groove Networks, for instance, lets organizations create
virtual workgroups that are safeguarded by a combination of
password-based access control and encryption technology.

But some P2P advocates tend to brush aside these concerns. “There’s
nothing wrong with P2P that can’t be fixed or worked around,” says Kelly
Truelove, CEO of Clip2, a Palo Alto, Calif., consulting and software
company that works with P2P developers. Truelove is confident that the
built-in trust of P2P users (everyone pursuing a common goal) and basic
security precautions (such as requiring each user to run an antivirus
program) will take care of most P2P headaches. He also believes that some
of P2P’s perceived problems simply aren’t based on fact. “Despite the
virus concerns, I have yet to read about any widespread virus outbreaks
among the millions of Napster users,” he says. But Kelly qualifies his
comments by noting that most P2P file sharing apps, including Napster and
Gnutella, have been used mostly for media files, such as video and
audio — and such formats are poor carriers of viruses. He cautions that
widespread sharing of programs and scripts could present a different
story — and a different set of problems.

As P2P picks up steam, its proponents feel that it’s only a matter of
time before the technology does become widespread. In addition to the
creation of affinity communities and distributed computing environments,
P2P is also being touted for the online marketing of music, software and
other products and services — a “peer-tailing” approach under which
customers distribute products and services — as well as for the rapid
distribution of virus antidotes and software upgrades across corporate
networks. MyCIO.com, the Internet security subsidiary of Network
Associates, already offers a P2P antivirus distribution technology with
its VirusScan ASaP service. “We’re seeing the dawn of a new networking
era,” says Truelove. “There’s certainly plenty of hype surrounding P2P,
but the hype is not entirely unjustified.”


John Edwards’ work has appeared in The New York Times, the Washington
Post and many other publications. You can contact him at
jedwards@john-edwards.com. Research assistance provided by Eve Keiser.


new products

Users can also reprogram any of the keyboard’s keys and create keyboard
macros that play back as many as 70 characters with a single key press.
Pricing begins at $479. For more information, visit www.kinesis-ergo.com
or call 800 454-6374.


Terminal Management

Tricerat has unveiled Desktop2001, a Windows thin-client server
management product designed to work in Windows 2000 Terminal Services and
Citrix MetaFrame 1.8 environments. The product is intended to ease
application deployments by providing a drag-and-drop interface for
configuring user desktop and start menu items. At the same time,
Desktop2001 affords additional security. The product’s integrated
Thorough Operation Restriction technology lets administrators lock down
user environments, preventing the unauthorized use of Web applications
and e-mail viruses. The product lists for $1,699 per server (discounts
are available). For more information, visit www.tricerat.com or call
410 715-4226.


Still  Growing  Strong 


THE  YEAR  2000  was  a  banner  time  for  IT  spending  and  staff  workloads,  according 
to  the  “2001  Worldwide  IT  Benchmark  and  Trends  Report”  from  Stamford,  Conn.- 
based  Meta  Group.  And  even  economic  slowdowns  and  dotcom  heart  failures  won't 
completely  cap  the  trend  in  the  coming  months. 

The  report,  which  covers  topics  ranging  from  spending  to  staffing  to  productivity, 
states  that  IT  spending  grew  8.7  percent  in  2000.  Report  author  and  research  fellow 
Howard  Rubin  says  that  unless  we  see  some  more  bad  economic  surprises,  Meta 
predicts  a  10  percent  increase  in  overall  spending  in  2001.  But,  Rubin  notes,  that 
won’t be the case for every business sector. “We’re finding it happening on a
sector-by-sector basis,” he says. Industries such as banking and finance that have been on
a spending roll will begin to cut back slightly, while sectors such as media and
manufacturing continue to increase spending, he predicts.

The  report  also  indicates  that  IT  managers  are  getting  more  time  for  their  buck 
from  employees.  Working  hours  increased  36  percent  in  the  United  States  in  2000, 
though  Rubin  says  some  of  that  increase  is  because  of  improved  reporting  combined 
with  a  change  in  what  is  defined  as  work— such  as  on-the-job  training.  This  doesn’t 
mean,  however,  that  employees  will  start  living  at  the  office.  Rubin  says  the  situation 
will  stabilize  before  the  IT  shop  and  the  sweatshop  become  indistinguishable. 

-Christopher  Lindquist 
ILLUSTRATION BY CHUCK RANCORN
REVISIT

middleware 


The  Great  Communicator 


Middleware  has  become  the  glue  that  ties  IT  together 


BY  FRED  HAPGOOD 

FOR MOST OF THE HISTORY of digital communications, the technology has
had at least one human in the middle of the loop; messages have flowed
either from one person to another or from a human to an application and
back. Examples of the third possibility — communications among
applications — were rare and marginal. When need did arise, developers
usually coded the required connections on the spot, by hand.

In the 1980s, however, real-time app-to-app communication, as expressed
in simple applications like file transfer protocol clients and EDI
gateways, became important enough to attract the efforts of
standardization committees. By the end of the decade demand had grown to
support a new industrial sector devoted entirely to products that
facilitated this new category of network conversation. Such
conversations included remote file access systems, which allowed
applications to fetch objects (such as code, drawings and applications)
from other servers. Other examples involved data access systems, which
allowed a database built with one set of data models, formats and
interface configurations to pull information out of others organized
around different assumptions.

These new communication facilitators were called middleware. No
marketing exec would have approved such a vague and nondescript term,
but it caught on anyway. In 1992, we ran a piece evaluating the trend. We
felt the importance of middleware was that it allowed managers more
vendor choices by lessening the compatibility issues that made mixed,
intercommunicating systems such a headache. (We jokingly called it
“escapeware.”) Middleware, we wrote, “offers users...the freedom

Port  Authority 

Upgrading systems to handle the latest peripherals is as easy as adding Belkin Components' new FireWire/USB ComboCard. The Peripheral Component Interconnect bus card includes three (one internal and two external) Institute of Electrical and Electronics Engineers 1394 (FireWire) ports and two external Universal Serial Bus (USB) ports. The card comes complete with a pair of digital video editing software packages and supports most standard USB and FireWire peripherals, including printers, keyboards, disk drives, mice, scanners, video cameras and more. The card lists for $109.99. For more information visit www.belkin.com or call 310 898-1100.

XML  Does  Linux 

Software AG has announced that its Tamino native XML database is now available for Suse Linux’s Linux Enterprise Server for the IBM S/390 mainframe. According to the companies, the S/390 is capable of supporting as many as 30,000 virtual Linux servers at one time, making it suitable for enterprise-class applications. Pricing is based on the performance level of the system in which it will be installed. For more information, visit www.softwareag.com or call 925 242-3700.


162  CIO  MARCH  1,  2001  •  www.cio.com 


ILLUSTRATION  BY  WHITNEY  SHERMAN 


CONNECT NOW: GET A $100 REBATE ON A PALM VIIx HANDHELD.

Now if you commit to a year's service, you can get a $100 credit on the wireless Palm™ VIIx handheld. Discover how easy it is to get connected to work with applications beyond email, like Travelocity, Fidelity and MapQuest.com. Customize your favorite wireless web content with the MyPalm™ portal. Stop by a retailer today to find out how you can take the Internet almost anywhere. All for a new low price. Simply amazing. Simply Palm.

palm.com 


email, 
scheduling, 
stocks, 
news, 
sales  tracking, 
inventory  access, 
sports, 
maps, 
traffic, 
freedom. 


Available  at:  Office  Depot  Circuit  City  Staples  CompUSA  OfficeMax 


Offer valid 2/15/01 — 12/31/01 and must be redeemed by 12/31/01. Rebate available only to customers who purchase a Palm VIIx handheld and open a new Palm.Net* wireless account for that device for the term of
to switch software parts without undue penalties.” In other words, the system itself was fixed; middleware simply opened up more ways of putting the pieces together.

Middleware is a complexity tamer. In a static world, where protocols, technologies and performance specifications stay stable, it would not be needed. Applications and operating systems could be tuned to each other as tightly as necessary. In our world, interconnection and interoperability problems require their own suite of fast-moving specialists.

In the early 1990s, the arrival of Windows, the general adoption of networking through business, and the explosion of client server systems drove the middleware sector to expand into a new range of functions, including system resource management, message routing, queuing, load balancing, delivery control, error recovery, timing and security, including authentication and authorization. In a recent report, Gartner found that more than 95 percent of all distributed processing uses some form of middleware. “Middleware is the ‘slash’ in client/server systems,” observes David Linthicum, chief technology officer of middleware maker Saga Software. If nothing else had happened, perhaps over time these features would have drained back into apps and operating systems, but in the middle of the decade another, even more energetic, wave of complexity arrived with the need to build network applications that worked across WANs and the Internet. Managers started to talk not just of three-tier systems (app to middleware to app to middleware to app) but four- and five-tier systems. Middleware began needing its own middleware.

Today middleware seems almost on course to absorb networking software entirely. One popular genre is “application integration,” using middleware to combine applications across several product types into a single virtual application. (According to Gartner, product license revenue for integration broker suites came in at $1 billion in 2000.) An even more general use of middleware is to build a “meta-application program interface” that floats above network resources, providing an interface that will look the same year after year, regardless of what happens to the mix of underlying apps.

While these meta-APIs are often specialized (for example, directory or security services), the trend seems to be toward using middleware to build a high-level control console that embraces all the issues arising in network development. According to Brad Rodgers, director of e-business at DMR Consulting, a business services consultancy in Edison, N.J., this is not just programming by another name. A meta-API simplifies and standardizes development, making the introduction of changes closer to configuring an application than programming one. That change demystifies development, allowing closer supervision and more management input while protecting the system from the bugs and glitches that get spawned when tinkering with basic code.

In short, middleware seems on track to take over the heart of network development. Perhaps in a few years operating systems and applications will start to slip off the screen of concern. We’ll know that’s happened when people start referring to them dismissively as “edgeware.” ■


Send your opinions about middleware to Technology Editor Christopher Lindquist at et@cio.com.
products


Safe and Secure

Network Flight Recorder has unveiled a new product designed to keep hackers from hiding their tracks after they infiltrate corporate networks. The product, NFR Secure Log Repository, consolidates network log data into a single secure location, allowing network administrators to review it for clues to possible break-ins while preventing hackers from being able to remove evidence of their actions from the logs. Pricing for the product begins at $4,500. For more information, visit www.nfr.com or call 240 632-9000.

Better  Backup 

Businesses built around Microsoft Exchange 2000 can take advantage of Computer Associates' latest release of its ArcServe 2000 Backup Agent for Microsoft Exchange. The updated backup product offers several new features, including protection for the Microsoft Information Store, incremental and differential backups, support for Microsoft Exchange Clusters, and the capability to browse multiple Exchange servers. The product is available now for a list price of $395. For more information, visit www.ca.com/arcserve.
WORLD — reshaped by the Internet, e-commerce, new technologies, global mergers and alliances. Where radical change has caused continual shifts in an already complex IT environment. Where traditional boundaries have been redrawn or virtually erased between countries, between cultures, between IT and the rest of the organization.

Web site www.cio.com/conferences, or call our hotline at 800 366-0246.

and examine the resulting intersection of IT with a whole new host of legal, ethical, cultural, human resource, and business issues. We’ll look at how the near and long-term future of technology will only accelerate these processes.

In this turbulent new world, we’ll need to continuously re-evaluate and reinvent — maybe even get revolutionary. And who better to lead the revolution than Gary Hamel, the man The Economist calls “the world’s reigning strategy guru.” Hamel will help us cross the boundaries between old and new ways of thinking about strategy innovation, wealth creation, and the very process of continuous re-invention. He’ll deliver Tuesday afternoon’s keynote address, and will be on hand afterward during a networking reception. Participants will receive a signed copy of Hamel’s newest book, Leading The Revolution.

Joanne Ciulla, author of The Working Life: The Promise and Betrayal of Modern Work, questions where we’re heading as a society — and what that means for us as employees and employers. We’ll examine how new technologies are blurring the line between our work and personal lives.

Gary Hamel
Author
Leading The Revolution
THE CIO IN THE NEW WORLD

Hackers and cyber terrorists recognize no boundaries. Stephen Colo, CIO of the US Secret Service, will continue our series of dialogues with The US Department of Commerce’s Critical Infrastructure Assurance Office (CIAO) to discuss what business leaders, CIOs, and government agencies can and should be doing to protect against future attacks.

Edward Nesta, senior vice president of Operations and CIO of The Leading Hotels of the World, suggests how we can use technology to level the playing field when different countries, cultures and personnel are involved in selling and supporting products and services. Mike Ragunas, CTO of Staples.com, shares how we can implement and leverage technologies across sales channels, partners, suppliers and customers to improve service. NASDAQ’s CIO Gregor Bailar and CTO Steven Randich exemplify some of the shifts taking place within the IT organization, where an increasingly complex set of responsibilities demands creative structures. Conference moderator Dr. Jim Wetherbe provides practical insight on rethinking and redesigning organizations and their boundaries.

A panel of emerging market CIOs from around the world, moderated by Martha Gorman of the Global IT Knowledge Forum, examines how we can work together to lessen the digital divide between the technological haves and have-nots around the world, and why that’s critical to a healthy global economy.

Rick Richardson, president of Richardson Media & Technologies, looks at the new trends in technology, and offers his forecast for the future. And, Venture OnStageSM, moderated by CIO Magazine Technical Editor Chris Lindquist, once again brings five visionaries to talk about what their new technologies, products or services can do for CIOs.

But don’t forget the fun stuff: Tee off Sunday morning at the Leaderboard Classic Golf Tournament hosted by Lockheed Martin and Intira Corporation. Network Sunday night at the Welcome Reception, and then laugh ’til you hurt at an Evening at the Improv, hosted by Information Builders. More activities will be scheduled throughout the event, capped off Tuesday night by the CIO-sponsored Reception and Dinner followed by Monte Carlo: An evening of High Rolling, Cool Jazz & Sweet Cigars hosted by Symantec Corporation.

Joanne Ciulla
Author
The Working Life: The Promise and Betrayal of Modern Work


TO  ENROLL,  CALL  800  366-0246,  VISIT  OUR  WEB  SITE  AT  WWW.CIO.COM/CONFERENCES  OR  FAX  US  AT  508  879-7720 


8:00 am - 1:30 pm  Leaderboard Classic Golf Tournament
Hosted by Lockheed Martin and Intira Corporation

2:00 pm - 6:00 pm  Informal Networking

2:00 pm - 5:00 pm  Registration

6:00 pm - 8:00 pm  Registration & Welcome Reception

Get connected: Meet your fellow participants, featured presenters, CIO staff, and Corporate Hosts.

8:00 pm - 10:00 pm  Evening @ The Improv
Hosted by Information Builders

Back by popular demand, Information Builders presents “A Night at the Improv.” Join us for an evening of sidesplitting fun - direct from the world-famous Improv Comedy Club in L.A.!

10:00 pm - Midnight  Hospitalities/Networking


7:30 am - 8:30 am
8:30 am - 8:45 am


9:30 am - 10:30 am


Breakfast 

Welcome  and  Opening  Remarks 

Gary  Beach 

Group  Publisher 
CXO  Media  Inc. 


Breaking  the  Boundaries 

Moderator: 

Dr.  Jim  Wetherbe 

Professor  of  IT 
Texas  Tech  University 

Most organizations are based upon 18th century accounting systems and 19th and early 20th century industrial organizational structure. Both interfere with performance and employee satisfaction. The 21st century knowledge-based economy requires organizational design and leadership that breaks down the borders between interorganizational boundaries similar to the way business reengineering broke down the boundaries between intra-organizational functions in the 1990’s. Wetherbe will set the stage for the conference and provide practical insight on rethinking and redesigning organizations and their boundaries.


Integration  across  Enterprises 

Mike  Ragunas 

CTO 

Staples.com 

E-business is a core component of any business strategy today. For companies to get ahead in today’s e-conomy, e-business initiatives must eliminate boundaries to create a seamless organization. Staples has been recognized for its success in implementing and leveraging technologies that integrate information across sales channels in its own organization, with partners, suppliers and most importantly, customers. This session will discuss ideas on how technology can drive your business and how Staples has leveraged XML and other technologies to successfully integrate across enterprises, resulting in improved customer service.


Business  Briefings 

Our  Corporate  Hosts  and  their  clients  discuss  technologies  and  services  to  improve  your 
enterprise’s  performance. 


Business  Briefings 


Stephen  Colo 

CIO 

United  States  Secret  Service 


In  the  Internet  world,  hackers  and  cyber  terrorists  recognize  no  boundaries.  Major  hacker 
attacks  are  not  only  becoming  more  prevalent,  but  also  far  more  dangerous  to  business 
and  government.  The  US  Department  of  Commerce's  Critical  Infrastructure  Assurance 
Office  (CIAO)  asserts  that  business  leaders  and  CIOs  need  to  take  more  responsibility  for 
systems  and  information  security  —  but  attacks  will  still  happen.  What  help  is  available 
from  law  enforcement  agencies  and  the  legal  system?  And  how  can  we  help  them  help  us? 


Business  Briefings 


Without  Boundaries:  The  Blurring  Line  Between  Work  and  Life 


Joanne  Ciulla 

Author 

The  Working  Life:  The  Promise  and  Betrayal  of  Modern  Work 


Technology, the Internet and the global economy have created a 24/7 world. With laptops, cell phones, and a host of other handy gadgets, we can now work anytime, from anywhere. But just because we can, are we encouraged and expected to ... drag the laptop with us on vacation, have our office voice-mail forwarded to our personal cell phones, be virtually on-call all the time? The line between work and personal life gets blurry. Are we using these technologies to enrich our employees’ lives by giving them more flexibility, or are we using them to pull the leashes to the office ever-tighter? What can and should we be doing to keep work from ruining our employees’ lives?
- 2:00 pm


2:15  pm  -  3:00  pm 


3:15  pm  -  4:15  pm 


4:15  pm  -  5:15  pm 


12:45  pm 


Dana  R.  (Rick)  Richardson 

President 

Richardson  Media  &  Technologies 

Today’s CIO is faced with an ever-changing future. It is one characterized by fewer traditional boundaries and being shaped by trends in hardware, software and communications. Rick Richardson will provide his vision of both our near and longer-term future as it relates to these trends, as well as new and emerging technologies that will help bring those trends to reality. Finally, Rick will put himself on the line with his forecasts of our technological future and where the new boundaries might be drawn.


5:15  pm  -  6:00  pm  Venture  OnStage 


Moderator: 

Christopher  Lindquist 

Technology  Editor 
CIO  Magazine 

Venture  OnStage,  introduced  at  our  October  Perspectives® conference,  was  a  hit  with  the 
audience,  so  we’re  bringing  another  group  of  new  technology  visionaries  to  tell  us  what 
they  think  will  be  the  next  great  thing. 


6:00  pm  -  7:00  pm  Networking  Reception 


7:00  pm  -  Midnight  Hospitalities/Networking 


*CIO Perspectives is a registered trademark of CXO Media Inc.




TUESDAY,  APRIL  24 


7:30  am  -  8:30  am 


Breakfast 


8:30  am  -  9:30  am 


CIO  vs.  CTO:  Where  Do  the  Boundaries  Lie? 

Gregor  Bailar 

Executive  Vice  President  &  CIO 
The  Nasdaq  Stock  Market,  Inc. 


Steven  Randich 

Executive  Vice  President  &  CTO 
The  Nasdaq  Stock  Market,  Inc. 


9:30  am  -  10:30  am 




10:30  am  -  11:00  am 


There used to be a clear distinction between the CIO and CTO roles. The CIO was the business-savvy leader who helped the enterprise make wise technology investments, while the CTO was the chief lieutenant with a keen eye on emerging technologies that might help the business. Today the boundaries between the roles have blurred, creating confusion among business leaders: do they need a CIO, a CTO, or both? At NASDAQ, CIO Gregor Bailar recently hired CTO Steven Randich. They will discuss the distinction they see between the CIO and CTO roles, the boundaries and overlaps of their day-to-day duties, and how other businesses might address their own CIO/CTO needs.

Beyond  Borders:  How  Do  We  Level  the  Playing  Field? 

Edward  F.  Nesta 

Senior  Vice  President  of  Operations  &  CIO 
The  Leading  Hotels  of  The  World 

Technology can help level the playing field when different cultures, countries and personnel are involved in selling and supporting a company’s product. CIOs have the responsibility for providing the tools, training and infrastructure that makes this possible — and for establishing and managing standards across time zones and cultures to create a consistent product. With the global reshaping that has resulted from the distribution of technology, the actions of CIOs, both economically and politically, are much more visible on the world stage. Their ability to support their respective business units, while also delivering a uniform and consistent product in the midst of these changes, is a necessity for both competitive and personal reasons.

Coffee  Break 


11:00  am  -  11:45  am 


Business  Briefings 


11:55  am  -  12:40  pm  Business  Briefings 


12:45  pm  -  1:45  pm 


Luncheon 


2:00  pm  -  3:00  pm  Narrowing  the  Digital  Divide  -  International  CIO  Panel 

Martha  Gorman 

Co-Founder 

Global  IT  Knowledge  Forum 

Rather than create a world divided into information haves and have-nots, we must level the playing field for vast regions of the planet - or risk losing the contributions they can bring to the global economy. One way to accomplish this is bypassing expensive, intermediate solutions, in a process known as technological leapfrogging. Our panel of CIOs from emerging international markets discuss how we can work together to create the conditions needed to foster such technological leaps in key industries and regions.

Panelists: 

Luiz Alberto Mourelos Rodriguez, Director TI, IDICT, La Habana, Cuba
Manuel  E.  Ruiz  Gutierrez,  MIS  Manager,  Dole  Standard  Fruit  Co.,  Costa  Rica 
Wan  Othman  Wan  Yahya,  CEO,  Integrated  Document  Services,  Kuala  Lumpur,  Malaysia 
Dr.  Ian  Kadish,  IT  Director,  Netcare,  South  Africa 
00 pm - 3:45 pm  Business Briefings


4:00  pm  -  5:30  pm  Keynote:  Strategy,  innovation  and  Continuous  Reinvention 


Gary  Hamel 

Author 

Leading  the  Revolution,  Competing  for  the  Future 
Visiting  Professor  of  Strategic  and  International  Management 
London  Business  School 


In an increasingly non-linear world, only non-linear strategies will create new wealth. Yet few companies seem able to spawn imaginative, wealth-creating strategies. Any company that wants to thrive in the turbulent new economy will have to learn how to harness the passion and imagination of every employee in the quest for strategy innovation. It will have to learn how to reinvent itself not once a decade, in the midst of a crisis, but year by year while still at the peak of performance. “Industry revolutionaries” are upending conventions and aggressive newcomers are challenging the orthodoxies of incumbents. In this topsy-turvy environment, irrelevancy may be a bigger risk than inefficiency.


5:30  pm  -  5:45  pm  Closing  Remarks  by  Moderator  Dr.  Jim  Wetherbe 


5:45  pm  -  7:00  pm  Networking  Reception  with  Gary  Hamel 


Dinner 

Hosted  by  CIO 


Monte  Carlo:  An  Evening  of  High  Rolling,  Cool  Jazz  &  Sweet  Cigars 

Boca  Raton  Beach  Club 

Hosted  by  Symantec  Corporation 


The Boca Raton Resort & Club in Florida, cloistered on 356 acres in fabled Palm Beach county, is a welcoming venue for our CIO Perspectives community. Spend some extra time before or after the conference, bring the family — but make your reservations now because space is limited and it’s prime vacation time! Call the resort at 561 447-3000, and don’t for-
ACXIOM CORPORATION, a global leader in real-time, multi-channel Customer Data Integration, enables businesses to develop and deepen customer relationships by creating a single, accurate view of their customers across the enterprise. Acxiom achieves this by providing data integration technology, database management services, and premier customer content through its AbiliTec, Solvitur, and InfoBase products, while also offering a broad range of information technology outsourcing services. Founded in 1969, Acxiom (Nasdaq: ACXM) is based in Little Rock, AR, with locations throughout the U.S., and with operations in the United Kingdom, France, Spain, Australia, and Japan. Acxiom revenues were $964.5 million in the fiscal year ended March 31, 2000. For more information, please visit www.acxiom.com.


Changing  Privacy  Issues  to 
Opportunities 

Given the continued growth of e-commerce, the proliferation of marketing databases and a surge of negative media attention, consumer privacy concerns and legislation continue to intensify. Businesses must address privacy issues quickly and legitimately or face the prospect of additional governmental regulation and rising consumer distrust. How can technology assist companies in implementing a pro-active consumer privacy strategy? Customer Data Integration (CDI) software can help companies honor individual privacy rights and manage customer preferences by integrating customer data across the enterprise — creating a single-view of the customer across multiple channels. This enables businesses to move beyond privacy protection and toward consumer advocacy. In this session, you will discover how true consumer advocacy represents a significant opportunity for businesses to improve customer loyalty, boost retention and increase market share.


AVAYA, the former Enterprise Networks Group of Lucent Technologies, is headquartered in Basking Ridge, N.J., USA, and is a leading provider of communications systems for enterprises, including businesses, government agencies and other organizations. Avaya offers voice, converged voice and data, customer relationship management, messaging, multi-service networking and structured cabling products and services. It is a worldwide leader in sales of messaging and structured cabling systems and a U.S. leader in sales of enterprise voice communications and call center systems. Avaya has nearly one million business customers in more than 90 countries, including more than three-quarters of the Fortune 500. For more information about Avaya, visit us on the Web at www.avaya.com.


John  Stevenson 

Vice  President  &  CIO 

Avaya 


Moving  a  Corporation  to  a  Forecasting 
Model  ‘Without  Boundaries’ 

Many corporations, even in the new millennium, still await information that is historical in nature before making decisions that affect where the corporation needs to be prioritizing its resources. ERP applications have brought us real time information views across the corporation, but is that enough? To transform a corporation into a true forecasting organization takes information tools, seamless integration and a cultural transformation. Avaya is making this transformation. It is midway through the steps on its 18 month path from history gathering to a forecasting view of running its business. This session will focus on the tools, activities and cultural boundaries encountered in this transformation.


BLUE MARTINI SOFTWARE provides enterprise software applications to understand, target and interact with customers. Companies deploy the Blue Martini Customer Interaction System to interact with customers on the Web, via call centers, in stores, over wireless devices, through e-mail, direct mail and on marketplaces. Business people use the Blue Martini Customer Interaction System to manage products, content, transactions, analysis and personalization. Companies that interact directly with customers build their brands more effectively than those using only traditional media, resulting in increased revenues across all channels.


Monte  Zweben 

CEO  &  Founder 

Blue  Martini 

Driving  B2B  Revenues:  Direct,  indirect, 
and  Trading  Exchanges 

According to AMR Research, B2B e-commerce should reach $5.7 trillion in 2004 or 29% of the dollar value of all commercial transactions. B2B e-commerce will be huge and will have a significant impact on the enterprise. Thus, for most companies, it is not a question of whether they must participate in B2B e-commerce, but one of when and how. But what is B2B e-commerce? How do you achieve the promise of B2B e-commerce while complementing your existing channel models? Zweben leads a discussion on how to enable contract-based e-commerce relationships with your B2B customers, empower your resellers to sell better, and participate in trading exchanges without commoditization.
Brio Technology


BRIO TECHNOLOGY provides a proven and reliable analytic software platform that enables companies to simplify the complex process of using corporate data to make better day-to-day decisions. Brio ONE products empower individuals, workgroups and executives in an organization to find, access, share, manage, and exchange information across an Internet enabled enterprise. More information can be found on our web site: www.brio.com or by calling 1-877-289-BRIO.


Katherine  Glassey 

Chief  Strategy  Officer 

Brio  Technology,  Inc. 


Without  Limits: 

A  360°  View  of  Your  Enterprise 


Today's changing business climate makes it essential that information is readily available and in actionable form at all levels of the organization. As competition continues to escalate, both large and small companies are having to analyze not only external factors (i.e. competition, marketshare, etc.) but their own operations, including expenses, sales, and profitability at a departmental level. Looking at it from a CIO’s perspective, this discussion highlights how the market has changed, where it is going, and how an organization can become successful, one department at a time. Glassey shares how analytics are essential in today’s leading organizations to become more efficient — empowering employees, partners and customers with the ability to access and analyze business information.


Candle


eBusiness  at  the  speed  of  light 


In  business  nearly  25  years,  CANDLE 
CORPORATION  is  one  of  the  world’s 
largest  independent  global  software 
companies  specializing  in  fast,  flexible 
e-business  solutions.  Operating  in  over 
42  countries,  Candle  develops  and 
markets  over  300  products  and  services 
that  enable  companies  to  create, 
integrate,  manage  and  measure  the 
effectiveness  of  their  e-businesses. 
Candle’s  solutions  provide  the  speed, 
agility  and  performance  that  are 
mandatory  for  success  in  the  world 
of  e-business.  Visit  Candle  at 
www.candle.com.


David  Caddis 

Vice  President  and 
General  Manager  of 
e-Business  Assurance 
Solutions 

Candle  Corporation 


Customer  Service  in  an  e-Business 
World 


As companies experience unprecedented online activity, CIOs are
striving to ensure that their Web site and applications keep pace with
the fast moving world of e-business. Caddis will explore best
practices to guide CIOs in developing a business model for today’s
ever changing Internet economy while assuring the quality of service
received by online customers.


Changepoint


CHANGEPOINT provides the most complete business process automation
solution for IT services organizations to manage their people,
projects and budgets more effectively and profitably. Designed
specifically to address the needs of IT professional services
organizations, corporate IT departments and the staffing companies
they work with, Changepoint enables IT services organizations to
better operate by automating and streamlining critical business
processes for greater efficiency, and inter-operate by seamlessly
integrating and collaborating with staffing suppliers, contractors,
clients and partners.


Avery  Cloud 

Vice  President  and  CIO 

INTEGRIS  Health 

Courtesy  of 
Changepoint 


The  Changing  Role  of  IT  in  Today’s 
Corporate  Culture 


In today’s information technology age, the IT department is not only
relied upon to support the business, but to drive the business
forward. Cloud offers his insight on the ways that IT now fits into
the corporate culture, touching on how the relationship of
professionals and the business operators has evolved over his 25 years
of IT experience.

Cloud will share some of his experiences on the role of technology in
shaping the business plan and how that role should be defined, as well
as outlining the new structure that IT organizations must adopt.
Chordiant


CITRIX 


EPIPHANY 


CHORDIANT delivers a unified CRM (customer relationship management)
solution for companies with extreme customer demands in terms of
volume, complexity and scope. By integrating multiple sources of
information across an enterprise, Chordiant Unified CRM Solution
provides a comprehensive, single view of the customer to ensure
personalized one-to-one service. Regardless of the point of customer
contact — email, telephone, wireless device, Internet — companies can
make the most of every customer interaction, increase retention, grow
revenues and drive profits.


Stephen  Kelly 

President  and  Chief 
Operating  Officer 

Chordiant  Software,  Inc. 


Customer  Relationship  Management: 
It’s  Not  Just  Software 

Achieving  Intelligent  Customer 
Communications  Management 

The typical customer service experience has died under the weight of
mass consumption and new e-Business distribution channels. Worldwide,
the burden of inbound customer service requests threatens to bury
companies facing extreme IT demands. In this hostile environment,
proper management of each and every customer interaction has never
been more critical to survival. Meeting these challenges head-on, many
European consumer businesses, such as banks and financial services
companies, are leading the way in exceeding customer expectations. In
Europe, where CRM is considered a business strategy enrolling the use
of an IT architecture to deliver this capability, it is referred to as
“Intelligent Customer Communications Management.” In his presentation,
Kelly will describe this architecture and illustrate its use with real
case studies of major European companies with which he has worked.


CITRIX SYSTEMS, INC. is a global leader in application server software
and services that offer "Digital Independence" — the ability to run
any application on any device over any connection, wireless to Web.
Citrix solutions enable organizations of all types, from enterprises
to application service providers (ASPs), to reach more users with more
applications, and achieve this with greater speed, predictability and
cost-effectiveness. Citrix offerings include MetaFrame application
server software, NFuse application portal software, Management
Services products and Independent Computing Architecture (ICA), a core
application server technology. Citrix is headquartered in Fort
Lauderdale, FL,


Digital  Independence  through 
Application  Server  Solutions 

By overcoming the traditional constraints and complexities of
e-business technology, CIOs have the power to reach more users, with
more applications, than ever before. By having the ability to run any
application on any device with any connection, wireless to Web, CIOs
may increase speed of operations with greater predictability and lower
costs. As a result, organizations can compete most effectively in
today’s digital age — a dynamic age of e-business, the Internet and
the continual addition and evolution of new applications, devices and
services.


E.PIPHANY is a leading provider of intelligent customer interaction
software for the Customer Economy. By providing an integrated suite of
software solutions, E.piphany E.5 blends web-based analytic and
operational CRM to unify all inbound and outbound marketing, sales and
customer service interactions. E.piphany E.5 enables a single,
enterprise-wide view of each customer to help global businesses better
understand and proactively serve customers in real time. With
worldwide headquarters in San Mateo, CA, E.piphany has regional
operations and offices throughout the U.S., Europe and Asia Pacific.


Bill  Walsh 

Executive  Vice  President  and  General 
Manager,  International 

E.piphany 

CRM:  A  Technology  without 
Boundaries 

Today’s Customer Economy is a global force, and companies with
operations around the world are using CRM for competitive advantage.
In its own global expansion, E.piphany has uncovered that each global
market has a different business requirement, and these different
regions are approaching CRM in a variety of ways. In this session you
will learn how to globalize your CRM efforts, what the leading
customer-centric business requirements in major global markets are,
and hear remarkable success stories about leading global companies.
EDS, the leading pure-play global services company, provides strategy,
implementation and hosting for clients managing the complexities of
the digital economy. We bring together the world’s best technologies
to address our clients’ critical business imperatives. We help clients
eliminate boundaries, collaborate in new ways, establish their
customers' trust and continuously seek improvement. In fact,
everything we do helps enterprises win in the digital economy. We
serve the world’s leading companies and governments in about 55
countries. Learn more about us at www.eds.com.

Dr.  A.  Reza  Jafari 

President  of  the  EDS 
Communications, 
Entertainment  and 
Media  Global  Industry 
Group 
EDS 

Mobility:  The  Engine  that  Drives  the 
Digital  Economy 

For more than a year, we’ve been hearing about "mobile" communications
— the ability to stay connected anytime, anywhere and any way. Yet,
amidst the hype and confusing claims, many are missing the opportunity
to fully harness the power of mobility. Dr. Reza Jafari will discuss
what it takes to succeed in the digital economy through full-fledged
mobility. He will cover the value of a viable business value chain and
the importance of scope and scale in meeting the needs of businesses
and customers alike. Through a discussion of real-life examples,
session participants will learn how to achieve digital freedom through
a spectrum of capabilities using wireless and wireline transmission —
at work, home and play.


HEWLETT-PACKARD COMPANY — a leading global provider of computing and
imaging solutions and services — is focused on making technology and
its benefits accessible to individuals and businesses through simple
appliances, useful e-services and an Internet infrastructure that’s
always on. HP has 88,500 employees worldwide and had total revenue
from continuing operations of $48.8 billion in its 2000 fiscal year.
Information about HP and its products can be found on the World Wide
Web at www.hp.com.


Rich  Raimondi 

Vice  President  and 
General  Manager, 
E-services. Solutions 

Hewlett-Packard 
Company 

How  to  Capitalize  on  E-Services 

E-services are the next big Internet wave. Quickly growing in
popularity, these services consist of software, computing resources,
information, business processes, and any other asset that a company
can digitize and deliver over the Internet. Raimondi will discuss how
forward-thinking companies are capitalizing on e-services to quickly
generate new revenue streams and lower costs. He’ll explain how the
spread of mobile information appliances is creating a lucrative market
for mobile e-services. Raimondi will also consider the role that
partner ecosystems play in e-services and will discuss the importance
of an always-on infrastructure to deliver those e-services.


INFORMATION BUILDERS helps leading organizations, including 92 of the
Fortune 100, drive operations and maximize opportunities through the
power of information. We provide the only comprehensive business
intelligence software solutions with built-in access to any data and
the ability to handle all enterprise reporting requirements, including
portals, OLAP, ad hoc, and information broadcasting. Our solutions
enable organizations to transform themselves to e-businesses more
quickly and cost-effectively by integrating core business systems and
data, including legacy and ERP, with new technologies such as wireless
and XML, for the rapid development of B2B, B2C, CRM, and intranet
systems. For more information, visit us at
www.informationbuilders.com.


Michael  Corcoran 

Vice  President  of 
Marketing 

Information  Builders 


i-Business  Intelligence:  Today’s 
Strategic  Weapon 

e-Business is a given. i-Business is the challenge. Most organizations
spend billions collecting data, only to use less than 7%. Market
leaders will be those that move closest to 100%. The business of the
future acts quickly, anticipating change and improving business
processes. With i-Business, you can not only automate business
processes, you can improve them. How much more intelligent can you
make your business processes? How much more insight can you give your
managers and employees into the business so they can take effective
action? How much more integrated can you make your supply chain and
enterprise? How much more interactive can you be with your customers?
Hear how leading organizations are dealing with these challenges by
providing information to their managers, partners, customers —
including mobile users.
For over three decades, INTEL CORPORATION has developed technology
enabling the computer and Internet revolution that has changed the
world. Intel is at the forefront as a primary building block supplier
for the Internet economy. Today, companies incorporate Intel
architecture-based solutions across their connected business and IT
environments to create successful e-Business infrastructures: from
Internet servers to data center systems, desktops to workstations, and
laptops to network PCs and online services. For more information on
Intel and its role in e-Business, visit us on the web at
www.intel.com/ebusiness.


INTEL ONLINE SERVICES provides global web services that manage the
complexities of e-Business computing. We focus on delivering a better
overall customer experience by combining integrated technologies and
proven processes to provide services with built-in reliability,
scalability and optimal performance. We offer a broad spectrum of
services, including managed web hosting, database hosting, application
hosting, caching and streaming media, backup and recovery, scalable
data storage, and global service delivery and load balancing. Visit
www.intelonlineservices.com.


Carol  Lee  Cobb 

eMarketing  Strategist 

Intel  Corporation 


Renee  James 

World  Wide  Director  of 
Marketing  and  Customer  Services 

Intel  Online  Services 

An  Integrated  Approach  to 
Outsourcing  e-Business 


The  Critical  Challenge  of  Customer 
Service 

With the Internet driving an increased demand for personalized
service, instant information and collaboration, customer service has
become a critical challenge in the Internet economy. However, customer
service is often not given the same high priority as other
mission-critical business issues. But how do you implement a
customer-centric e-business solution in this demanding environment?
What is possible with today’s technologies? We'll explore three
real-world case studies that illustrate how e-business companies and
customers are implementing customer-centric solutions to solve real
business problems today. A proof-of-concept prototype of a
customer-centric e-business solution will be shown and distributed to
each participant.


The Internet is now reaching out to every corner of the planet
touching billions of people and businesses, and maturing at an
incredibly rapid pace.

The Internet’s many facets — network infrastructure, ISPs, ASPs,
hosting, servers, clients and services — are beginning to move toward
specialization as various companies develop areas of core competency
in specific service segments. With this development comes new
challenges and new opportunities. Intel® Online Services provides
global web services that manage the complexities of e-Business
computing. We focus on delivering a better overall customer experience
by combining integrated technologies and proven processes to provide
services with built-in reliability, scalability and optimal
performance.

By offering outsourced e-Business solutions using best-in-class
applications, we fill the void left by the specialization trend in the
market.


KINTANA: Powering Business Transformation with Technology Chain
Automation. Kintana provides an enterprise application bringing speed
and control to business initiatives and technology operations. More
than 200 leading companies use Technology Chain Automation from
Kintana to automate business and technology processes, gain real-time
visibility and control of IT initiatives and leverage their technology
investments. The results? In a few weeks, tenfold speed and
productivity gains in IT. Please visit www.kintana.com or see us at
CIO Perspectives.


Andy  Starr 

Director  of  Information 
Technology 

Cisco 

Courtesy  of  Kintana 


Cisco’s Approach to Business Transformation: Powering the Cisco
Connection Online with Kintana

Ninety percent of Cisco orders are processed through a critical
e-commerce application called Cisco Connection Online. It brings
together 400 content developers, 700,000 data files, and 175
applications to generate $55 million in revenue every day. Managing
CCO is an enormous challenge. Gaining visibility and control over the
site's ongoing initiatives and operations is key to success. Cisco
worked with Kintana, creators of technology chain automation, to
achieve secure, systemized processes, self-service reviews and
approvals, and automated deployment of new site features. This has
allowed Cisco to reduce the size of the site's management team by 25
percent, even while revenues through CCO have quadrupled. Starr tells
how Cisco transformed one of the world's largest e-commerce sites.
LEGATO SYSTEMS, INC. (NASDAQ: LGTO), is a worldwide leader in
enterprise storage management. Helping companies leverage
business-critical, corporate data assets, Legato’s products and
services enable information continuance, a seamless approach to the
movement, management and protection of data throughout an enterprise.
Founded in 1988, Legato serves Fortune 1000 companies and has become
the recognized industry standard for storage management software
products, currently shipping to 30 of the 50 Fortune e-50 top
businesses. Legato is a founding member of the Storage Networking
Industry Association.


George  Symons 

Vice  President,  Product 
Development 

Legato  Systems 


Information  Availability  Requirements 
for  the  Enterprise  Service  Provider 


NETSCOUT SYSTEMS, INC. is the leading provider of infrastructure
performance management solutions for leading companies and service
providers worldwide. Headquartered in Westford, Massachusetts,
NetScout serves approximately half of the Fortune 500 with offices in
North America, Europe and Asia. NetScout’s flagship solution is the
nGenius™ Performance Management System, a suite of network management
software and hardware products that optimize the performance of the
network and its ability to deliver applications and content to
end-users. For more information on NetScout go to www.netscout.com.


Bruce  Kelley 

Vice  President 
Engineering 

NetScout  Systems,  Inc. 


The  Top  Five  Secrets  of  Making  Your 
Network  Infrastructure  Investment  Pay 


PROSIGHT combines a suite of IT management applications and services
with just-in-time information to enable IT executives to effectively
choose and execute an IT investment strategy that increases the value
to the businesses they serve. ProSight’s software allows IT managers
to automate key IT processes such as portfolio management and life
cycle management. At the same time, ProSight’s applications are
communicating critical real-time measures of IT performance and
integrating practical knowledge to support timely decisions. All of
this puts the CIO and senior IT team in control of the resources under
their command. Learn more about ProSight by visiting www.prosight.com.

John  Cimral 

CEO 

ProSight  Inc. 

Eric  Nagel 

Senior  Vice  President, 
Domestic  Operations 

ALLTEL  Information 
Services 


This talk discusses the transition enterprise IT organizations are
going through to deliver on service level objectives. These IT
organizations are feeling pressure from internal customers to commit
to service level objectives in the same way that service providers are
beginning to do. In addition, market trends and the challenges of a
multiple platform open systems environment and the complexities it
brings are discussed. Finally, a set of criteria is presented,
including short-term and long-term strategies, along with product
functionality so companies can meet service level objectives easier.


Why is network management suddenly so HOT? With the Internet a
widespread means of conducting business, the performance of the
network infrastructure is now top of everyone’s mind. In fact, recent
studies indicate that networking infrastructures now rank among the
top expenditures for any leading business. However, the challenge of
deriving value from this spending remains huge. How do you maximize
the performance of this complex network environment while delivering
greater returns on your investment? In this session, Kelley will
address the top issues facing CIOs today in managing their e-business
networks. He will discuss the pros and cons of instrumenting a
network, how to use key business metrics that measure overall
performance, and how to tap into valuable network data sources that
can lower total cost of ownership.


In  Search  of  Ariadne’s  Thread:  How 
One  Information  Services  Company’s 
Unique  Implementation  of  IT 
Management  Software  Enabled 
Effective  Client  Health  Assessment 

Similar to Theseus following the golden thread left by Ariadne to lead
him out of the labyrinth, companies today are searching for that
“golden thread” to lead them through the labyrinth to effective
assessment of their service level to their customers. ALLTEL
Information Services (Telecom Division) implemented ProSight’s IT
Management application to automate IT performance management and
enabled them to dynamically assess the “health” of each of their many
clients. This ability has allowed ALLTEL to lower the cost of service
assessment, proactively respond to “health” issues in a quicker
fashion, and provide insight into service dimensions previously
unseen.
ServiceWare

SERVICEWARE is a leading provider of Web-based solutions for
enterprise service and support, which enable organizations to win on
service in the competitive world of eBusiness. ServiceWare delivers a
comprehensive, integrated family of eService solutions that enable
organizations to easily provide customers with fast, accurate answers
to inquiries via Web, e-mail, phone, fax or in-person. Based on
ServiceWare’s robust knowledge base and patented Cognitive Processor™,
ServiceWare’s eService Suite™ enables customers to build service
destinations for eBusiness.

Mark Tapling

President  &  CEO 
ServiceWare 

The  New  Definition  of  Customer 
Service 

As use of the Internet expands, so does customer service delivery.
Successful companies must expand their vision of customer service by
not only applying intervention to address broken business processes,
but by providing customers with the tools they need to be
self-sufficient, and facilitate the speed of collaborative business.
Concurrently, low switching costs and fleeting customer loyalty
require that companies broaden their definition of the “customer” to
include everyone that affects their business — employees, partners and
shareholders. This presentation offers Tapling as an expert on the
changing definition of customer service today while raising the
question: what will customer service look like in 2010?


Founded in October 1999, SITESMITH is the leading provider of
comprehensive Internet infrastructure managed services. The company
develops and manages large-scale, complex Internet sites for Global
2000 companies to ensure performance, reliability, security and
scalability. Providing a complete and flexible Internet infrastructure
solution, SiteSmith Operations Platform automates the critical
elements of site management including security, 24x7 monitoring,
network redundancy and backup. The company has its U.S. Headquarters
in Santa Clara, CA and its European Headquarters in London.
Information about SiteSmith’s services and world-wide office locations
are available on the World Wide Web at www.sitesmith.com


The  Promise  of  Managed  Services 

Does the management and architecture of your Web site give you a
business advantage over your competition? In choosing where to host,
what technologies to run and which MSP to handle the delicacies of
your site, you are deciding your online fate. Ryan will explore the
different offerings in the managed service space, and try to answer
some of the questions you’re facing: Is a co-location facility
equipped to handle the 24x7 management needs of a Global 2000 Web
site? Why do the various MSPs bring such differing perspectives about
how to architect, manage and scale a site? And, are the co-location
providers and MSPs fulfilling the promises they make to their clients?
As we explore these questions, it will become evident that the promise
of monitoring, high availability, site architecture, an operating
platform, security and backup can have vastly different connotations —
and a real impact on business advantage.


TRIPWIRE, INC. is the leading provider of data and network integrity
solutions for Global 3000 companies and e-business corporations as
well as key public sector organizations. Tripwire enterprise software
provides the foundation upon which security, network management and
risk management strategies are built. It ensures that organizations
can be confident in the integrity of all “data at rest” in their
network (source, destination, and all stops in between.) Tripwire
customers include Intuit, AT&T, Ernst & Young and the U.S. House of
Representatives. Tripwire is headquartered in Portland, Oregon with
offices in Silicon Valley, CA, and 15 countries around the world. For
more information about Tripwire, please visit our Web site at
www.tripwire.com.

Charles  Kolodgy 

Research  Manager 

International  Data 
Corporation  (IDC): 
Internet  Security 
Program 

Prashant  Dubey 

Vice  President 

Marketing  &  Business  Development 

Tripwire,  Inc. 

How  CIOs  Can  Invoke  Trust  in  IT:  Data 
and  Network  Integrity 

Cyber terrorism and hacker attacks have been a subject of media hype,
and grand IT compromises have been highlighted for all in the industry
to see. An IT infrastructure that does not have integrity can result
in economic loss or even loss of market perception that can be a “bet
the company” situation. In this session Kolodgy will describe the
“state of the state” of Information Security and talk about progress
made, challenges ahead and CIO strategies to overcome them. In
addition he will discuss the concept of Data and Network Integrity
(DNI) and how it is a foundation for an information security, network
management and risk management strategy.
INTIRA CORPORATION is a leading e-business infrastructure outsourcing
provider. Intira Netsourcing Solutions power mission-critical
e-business applications with maximum availability by providing a
seamlessly integrated IT/network infrastructure; highly automated,
secure operations; a broad set of highly skilled technical resources;
and a full range of robust, value-added services. Intira Netsourcing
Solutions enable e-businesses to remain focused on their core business
competencies — not the complex technology running their e-business
applications. Visit Intira at www.intira.com.


KYOCERA MITA AMERICA, INC., is a leader in digital document imaging.
As part of the $7.5 billion Kyocera Corporation, KMA is known for
developing economical, ecologically sound print engines, state of the
art controllers and network tools plus years of innovation in copier
technologies, paper handling and manufacturing experience. The product
line includes network ready computer connectable digital printers,
printer/copiers, color printer/copiers, multifunctional and wide
format imaging solutions. For more information, visit
www.kyoceramita.com.


LOCKHEED MARTIN Global Telecommunications is a premier global source
of network services and advanced infocom solutions to enterprise
customers. A wholly owned subsidiary of the Corporation, LMGT is
focused on offering one-stop solutions for integrated, managed,
secure, Web-based enterprise IT and telecommunications services via a
broad portfolio of network, application and IT services.


SYMANTEC, a world leader in Internet security technology, provides a
broad range of content and network security solutions to individuals
and enterprises. The company is a leading provider of virus
protection, risk management, Internet content and e-mail filtering,
remote management and mobile code detection technologies.
Headquartered in Cupertino, CA, Symantec has worldwide operations in
more than 33 countries.


Symantec 


The companion program allows companions to join conference
participants during designated meals and social activities at the CIO
Perspectives conference and meet other companions for special
activities. Plan your vacation with us in sunny Florida and enjoy
brunch on the beach, a unique fitness class, and a complimentary
shopping shuttle to exciting Mizner Park. Can you picture yourself as
a culinary whiz? Participate in a special lunch that is hands on and
led by one of Boca Raton Resort & Club's award winning chefs. If you
can find any time left over from planned activities, visit the
resort's luxurious health and fitness center where you can enjoy a
relaxing spa treatment or indulge in one of the many watersports
offered.


The  following  Corporate  Hosts 
will  also  be  joining  CIO  in  Boca  Raton. 


INTIRA 


Kyocera Mita




THE  CIO  IN  THE  NEW  WORLD 




□ I won’t be able to attend, but please keep me updated on future CIO events.

NAME 

TITLE 

COMPANY 

ADDRESS 

MAIL  STOP 

CITY 

STATE  ZIP  CODE 

PHONE 

FAX 

E-MAIL 

COMPANY  WEB  SITE  ADDRESS 

WHAT  IS  YOUR  INDUSTRY? 

WHAT  ARE  YOUR  ORGANIZATION’S  ANNUAL  REVENUES  OR  ASSETS? 

WHAT  IS  YOUR  ANNUAL  IT  BUDGET? 

YOUR  NAME  AS  YOU  WANT  IT  TO  APPEAR  ON  YOUR  BADGE 

NAME  OF  COMPANION  (IF  PARTICIPATING  IN  COMPANION  PROGRAM) 

HOTEL  ACCOMMODATIONS 

We urge you to make your reservations early by calling the hotel at
561-447-3000 and identifying yourself as part of the CIO conference to
receive the conference rate. CIO will make hotel reservations for
government/military participants only. Be sure to guarantee your room with a
credit card, as all unreserved or unguaranteed rooms will be released on
March 23, 2001. Hotel reservations, cancellations and charges are your
responsibility. If a CIO conference Enrollment Form is not received within
48 hours of making your hotel reservation, your room will be released
from the CIO room block.

ENROLLMENT  FEES 

All enrollment fees must be paid in advance of the meeting. Fee includes
conference sessions, business briefings, Corporate Host displays, conference
materials and scheduled meals, receptions and entertainment.
Transportation, hotel and recreation are your responsibility. Please note
that submission of this enrollment form to CIO obligates the attendee/sender
for the enrollment fee.

CANCELLATION 

All cancellations or substitutions must be made in writing. You may
cancel your conference or companion enrollment up to March 23, 2001
without penalty. A $300 administration fee will be imposed for cancellations
between March 24 - April 6, 2001. No refund or credit will be given
for cancellations after April 6, 2001 or for no shows. You may send a
substitute in your place. CIO reserves the right to decline enrollment to
any registrant.


If this is your first CIO conference,
your  business  card  is  required 
to  process  your  registration. 



CHECK  ALL  THAT  APPLY: 

ENROLLMENT  FEES: 

□  IT  PRACTITIONER/EXECUTIVE  =  $2,480 

This  fee  applies  if  you  are  a  CIO,  IS  executive  or  hold  another 
executive  position  other  than  those  listed  below. 

□  GOVERNMENT/MILITARY  =  $2,900 

This fee includes your hotel for three nights. Do not make your hotel
reservations, CIO will make them for you.

Arrival  Date _  Departure  date _ 

□  SALES/MARKETING/CONSULTING  =  $10,000 

This fee applies if you hold a sales, marketing, new business development
or consulting position, including executive management of IT
vendor and consulting companies. This fee is payable by company
check only. CIO will make the final determination of this category.

□  COMPANION  PROGRAM  =  $350 

Companions must be enrolled in this program to attend any
conference-related functions including all scheduled meals,
receptions, entertainment, companion breakfast, and planned
companion activities. Conference session attendance is not included.

PAYMENT

□ Check enclosed Executive Programs, CXO Media, Inc., Box D3620,
Boston, MA 02241-3620.

□  P.O.#  _ _ 

(A  complete  Purchase  Order  must  be  submitted  within  10  days) 

□  AMEX  □  Visa  □  MC  Exp. 

□ Credit Card # _ _ _

Signature _ _ _

□  I  am  not  staying  at  the  Boca  Raton  Resort  &  Club. 

Name  of  alternate  hotel _ 


To enroll, CALL 800 366-0246, visit our WEB SITE at www.cio.com/conferences
or FAX us at 508 879-7720.
You asked MM to help educate senior management on the business value of technology.

We  heard  you.  And  we’re  pleased  to  announce  Darwin. 


Darwin is the first magazine, written, edited and
calibrated for business executives. Every issue
demystifies technology for non-technology executives
and helps them understand, identify and support
technology options to achieve your organizational goals.

Darwin covers all the technologies executives need
to know, not just the Internet. From application software
to ASPs, from encryption to ERP, hardware to hosting,
VPNs to vendor relations — everything it takes to use
technology to solve business challenges.


Darwin  is  FREE  to  qualified 
non-technology  executives.  Tell  your  team 
to  apply  for  a  Free  Subscription  at 

www.darwinmag.com/subscribe


Emerging Technology

COMPANIES TO WATCH

Silanis  Technology 

Sign  Online 

Silanis  Technology  is  set  on  capturing  the  reenergized  electronic 
signature  technology  market  by  j.  brown 


WHEN FORMER PRESIDENT CLINTON signed the Electronic Signatures in
Global and National Commerce (E-Sign) Act into law on Oct. 1, 2000, it
signaled a significant change for businesses of many types—especially those
involved in e-commerce. Suddenly, companies could complete important
business transactions with the assurance that electronically signed
agreements would be considered as legally valid as hand-signed, printed
documents.

One company poised to take advantage of this law is Silanis Technology. It
has been producing electronic signature software since 1992. A combination
of experience in the marketplace and unique technology that allows for
multisignature and multistage approval makes Silanis a significant player.
“The [E-Sign] law gives them a huge new space to play in,” says Louis Boyle,
a vice president for the Meta Group in Stamford, Conn.

Silanis developed ApproveIt, one of the industry’s first multisignature
electronic approval management software applications. According to the
company, more than 800 organizations currently use Silanis products in
government, business, insurance, finance, health-care and pharmaceutical
sectors, including the U.S. Joint Chiefs of Staff, Nationwide Mutual
Insurance and General Motors Acceptance Corp. In 2000, Silanis created
OnSign.com, a consumer division that offers free, downloadable consumer
software to meet the legal requirements for secure electronic signing.

Silanis has also recently managed to secure some significant partnerships
that may help solidify its place in the market. The U.S. Army Medical Command
standardized on Silanis to enable its 40,000 employees to electronically sign
thousands of government documents. The deal represents the single largest
deployment for e-signing documents to date.

In addition, Synaptics, a leading supplier of touch-sensing technology to
major notebook manufacturers including ACER America, Apple, Compaq, Dell,
Gateway and Hewlett-Packard, bundled an OEM version of ApproveIt with its
latest offerings.

While it’s still too early to predict which companies will come out on top
in the race to provide electronic signature software to the thousands of
companies expected to use it, Silanis definitely has some advantages. “It has
its act together in terms of management structure and a strategic plan,” says
Boyle. “Its products are also relatively easy to use and easy to distribute.”

However, as the market accelerates following the law’s passage, Silanis will
have challenges to overcome if it intends to stay in front. For example, much
of the company’s success will depend on whether businesses find ApproveIt
capable of meeting all their electronic signature software needs—after they
decide what those needs really are. “It’s important to separate the
attributes which digital signature makes possible: identification of the
signer, message integrity and nonrepudiation,” says Victor S. Wheatman,
information security strategies analyst for Gartner in San Jose, Calif.
“Implementing digital signature must be balanced against the perceived risks
and the benefits of these attributes.”

Branding and market awareness will also be concerns, according to Boyle.
“The space they play in is still not well-known. Silanis must now capitalize
on the attention given to this market to educate the end user as to the
merits of electronic signature technology.”


Do you know about a small company that deserves the attention of other IT
executives? Send suggestions to us at et@cio.com.


watching...

Silanis Technology

Headquarters: Montreal and Washington, D.C.
Employees: 65
Products: ApproveIt (for the corporate market) and OnSign (for the home and small-office user)
Reason to watch: Unique electronic signature software allows for multisignature and multistage approval
Hurdles to clear: Electronic signature technology is still unfamiliar to many. Branding and awareness will need improving as this marketplace grows.
Long before e-business was a glimmer in anyone’s eye, we were
quietly  leading  the  industry  with  smart  solutions  for  host  access 
and  fax  automation.  Now  we’re  defining  the  new  Intelligent 
Information  Delivery  space  with  our  latest  innovation:  Pulse. 

A  single-platform,  multi-output  solution  that  transforms  vital 
business  information  and  distributes  it  to  any  recipient.  In  the 
format  they  prefer.  Automatically.  It’s  how  we’re  extending  the 
reach  of  information  to  ensure  your  success. 

Go  where  smart  starts. 

www.esker.com/bright 


PULSE”  ♦  TUN®  PLUS  ♦  SMARTERM®  ♦  PERSONA®  ♦  FAXGATE® 

©2001  Esker  S.A.  All  Rights  Reserved.  Esker,  the  Esker  logo,  Faxgate,  Intelligent  Information  Delivery,  Persona,  Pulse,  and  SmarTerm  are  trademarks  or  registered  trademarks  of  Esker  S.A.  in  the  United  States  and 
other  countries.  Tun  is  a  registered  trademark  of  Esker  S.A.  in  France,  Australia,  and  the  EEC.  All  other  trademarks  mentioned  are  the  property  of  their  respective  owners. 
WORK, PLAY AND OTHER STUFF EDITED BY SARA SHAY AND LAFE LOW




We’ve  Got  to  Start  Meeting  Like  This 


Make  them  quick,  organized  and  to  the  point,  and  people  won’t  even  mind  that  guy  who  hums 
under  his  breath  BY  JEFFREY  L.  SEGLIN 


“PEOPLE  COMPLAIN  ALL  THE  TIME  that  they  spend  half  their 
time  at  meetings  and  they  don’t  get  much  done,”  says  Frances  A. 
Micale,  CEO  of  Micale  Training  Corp.  in  Atlanta.  For  people 
who  spend  part  of  their  workweek  closeted  in  meetings,  such 
observations  ring  all  too  true.  It  doesn’t  have  to  be  that  way. 
From  those  who  collectively  have  run  enough  meetings  to  make 
most  of  us  shudder,  here  are  some  tactics  to  keep  in  mind. 


Know  your  objective.  Be  clear  what  you  want  the  meeting  to 
accomplish.  Then  share  that  goal  with  the  meeting  attendees 
before  or  at  the  beginning  of  the  meeting. 

Develop  an  agenda.  “Your  agenda  is  going  to  get  you  to  your 
objective,”  says  Micale.  On  the  agenda,  identify  the  meeting 
topic,  the  start  and  finish  time,  the  attendees,  the  presenters  and 
their  topics,  as  well  as  the  time  allotted  for  each  agenda  item. 
ILLUSTRATION BY STEVEN MUNDAY


One day you wake up and realize that your e-commerce site is, well, all your commerce.


Have  you  heard  of  Kintana? 


Cisco  has. 

Ninety  percent  of  Cisco  orders  are  processed  through  a  critical  e-commerce 
application  called  Cisco  Connection  Online.  It  brings  together  over  400  content 
developers,  700,000  data  files,  and  175  applications  to  generate  $55  million 
in  revenue  every  day.  Needless  to  say,  as  CCO  goes,  so  goes  Cisco. 

Cisco  asked  Kintana  for  help  in  technology  chain  automation  for  this 
e-commerce  side  of  their  business.  By  providing  secure,  systemized  processes 
with  increased  visibility,  self-service  reviews  and  approvals,  and  automated 
deployment  of  new  site  features,  we  have  delivered  in  spades.  Revenues  through 
CCO  have  quadrupled  from  $4  billion  to  $17  billion  a  year,  while  the  team 
required  to  manage  the  site  has  decreased  by  25%. 

Believe  it  or  not,  results  like  these  can  be  achieved  almost  overnight.  We  can 
radically  accelerate  the  speed  at  which  your  business  can  evolve.  Do  it  in  Kintana  time. 


K  I  N  T  A  N  A 




Mark  Tonnesen,  Vice  President  Information  Technology 

Cisco  Systems 


Invite the right people. Too often, says Micale, “people are drawn away from
their jobs without the slightest thought of whether they need to be there.
You end up inconveniencing them, having them resent the fact that they don’t
know why they are there and costing the organization their salary.”

Start on time. When Alan Goldsworthy started as CEO of Applix, a provider of
customer analytics and business planning (such as CRM) based in Westboro,
Mass., he started fining employees $1 for every minute they were late to a
meeting. “People are much more mindful that a meeting has to start on time,”
says Goldsworthy. He starts his meetings on time regardless of stragglers.

Facilitators should never be late, says Eli Mina, a Vancouver, Canada-based
professional meeting facilitator. “If they’re late, it gives everyone else
license to be late.”

Use a skilled facilitator. Jamie Walters, president of San Francisco-based
InnoVision Communication, a company that advises businesses on internal
communications, suggests that the facilitator be “someone who can keep
participants focused on the agenda items and navigate prickly interpersonal
issues so that the meeting is effective instead of dysfunctional.” The
facilitator should also ensure that the meeting isn’t dominated by one or two
people. Micale advises against the boss as facilitator so that attendees
won’t be inclined to say what they think the boss wants to hear, even if it
is the boss’s meeting.

Have tools available. To avoid “last-minute scrambling,” Emma Pearson-Stoner,
a vice president at Miller Shandwick Technologies public relations agency in
Boston, makes sure before meeting time that equipment that might be
needed—projectors, white boards, pens, notepads, markers and so on—is
available.

Be aware of physical comforts. Don’t serve sleep-inducing heavy meals or
alcohol during a meeting, says Mina. Judy Taylor, CEO of Taylor’d
Communications in St. Louis, suggests that you make sure there are no
auditory and visual distractions, more than 90 minutes don’t pass without a
stretch or break, the room doesn’t get too warm and the lighting isn’t too
dull.

Outlaw cell phones. “When you’re talking to someone and all of a sudden his
cell phone goes off and he answers it, he’s just told you that whatever
you’re talking about is less important than that phone call,” says
Goldsworthy.

Conclude with an action plan. At the end of the meeting, the leader should
summarize what’s been discussed, advises Sue Pistone, CEO of Sue Pistone &
Associates, a time-management consultancy in Houston. Then decide who is
responsible for whatever follow-up is needed, and set target dates for
completion.

“The worst meetings I’ve seen,” says Walters, are those where “there isn’t a
good reason for the meeting, there’s a poor agenda or none at all, the
meeting creeps its way into a several-hour ordeal, participants are
unprepared and there’s no skilled facilitation. The result? Wasted time and
deflated energy for the participants, not to mention a culture of meeting
dread! Good meetings are more rare, but you know when you’re attending one.
The purpose is clear, participants are prepared, conversation is dynamic and
it ends promptly, with next steps defined.”

We don’t need to meet to agree with those conclusions.


Jeffrey L. Seglin (jseglin@post.harvard.edu) is the author of The Good,
the Bad, and Your Business: Choosing Right When Ethical Dilemmas Pull
You Apart (Wiley, 2000). He teaches at Emerson College in Boston.


RESOURCE  BOX: 

For  more  ideas  on  running  effective  meetings,  consider  these 
two  guides: 


Not Another Meeting! A Practical Guide for Facilitating Effective Meetings
by Frances A. Micale (Oasis Press, 1999, $17.95).

The Complete Handbook of Business Meetings
by Eli Mina (Amacom, 2000, $29.95).
Intrusion.com SecureNet Pro™ network intrusion detection system is fast and
accurate - so you can find the real threat!

INTRUSION.COM SecureNet Pro is the first intrusion detection system that
combines the speed to handle intense network traffic with the accuracy to
make the information you collect valuable.

SecureNet Pro delivers a peerless balance of speed and accuracy by combining
fast string matching with accurate context analysis. And unlike other
intrusion detection systems, SecureNet Pro signatures are totally extensible.
You can even choose which signatures are string-matched and which are
analyzed in context, tailoring the system to the unique attributes of your
network traffic.

What’s more, SecureNet Pro eliminates redundant signature analysis with
Shared Decision Logic, and cuts packet handling by 33%. That means fewer
dropped packets and 100% attack recognition* even on saturated 10/100Mbs
networks.

The bottom line? Fewer false positives. More accurate information. More
visibility into your network. And better security. Isn't that what intrusion
detection is all about?

Intrusion.com SecureNet Pro is available on easy to manage and deploy desktop
and rack-mountable appliances.

Get your FREE SecureNet Pro download right now at:
www.intrusion.com/ad-snpl
or call: 1.866.384.4236


INTRUSION.COM

Security solutions for a .com world


*  Attack  recognition  based  on  the  nearly  400  default  attack  signatures  using  context  analysis  with  randomly  sized,  synthetic  traffic. 


lifescience 

Atlanta:  Olympic  Proportions 


Mountain  Park  (16  miles  east  of 
downtown,  770  498-5600), 
where  you  can  climb  the 
world’s  largest  granite  monolith 
(830  feet  high  and  5  miles 
around). 

CIO-friendly  bars/ 

clubs  At  the  end  of  the  day, 
Buckhead  execs  unwind  at 
The  Palm  in  the  Swissotel  (814- 
1955),  The  Ritz-Carlton  Buck- 
head  hotel  bar  (237-2700)  or 
the  cozy  Beluga  Martini  Bar  in 
Buckhead  (869-1090).  Down¬ 
town  counterparts  like  the 
offbeat  aura  of  Mumbo  Jumbo 


Atlanta is well on its way to becoming the convention and culinary
capital of the South BY WILLIAM SCHEMMEL


Getting your bearings in this rapidly changing metropolis can be difficult.
The street pattern is an oxymoron. The map looks like a plate of spilled
linguini; streets capriciously change their names. Nevertheless, Atlanta,
urbane and cosmopolitan, is still small-town enough to be hospitable.

(Numbers  listed  are  within  404  area  code  unless  otherwise  indicated.) 


airport  Hartsfield  Atlanta 
International  Airport,  10  miles 
south  of  downtown,  is  one  of 
the  world’s  busiest.  MARTA 
(Metropolitan  Atlanta  Rapid 
Transit  Authority)  trains  (848- 
4711)  can  get  you  to  down¬ 
town  Atlanta  or  the  Buckhead 
district  in  about  15  minutes 
($1.75  one-way).  Rental  cars, 
taxis  and  shuttle  vans  are  also 
available. 

hotels  The  470-room  Omni 
Hotel  at  CNN  Center  (659- 
0000;  $159-$775)  is  just  a  few 


(266-1440)  and 
Seeger’s  award¬ 
winning  European 
cuisine  (846-9779). 

For  clubby  steaks  and 
seafood,  reserve  a 
table  at  the  downtown 
Ritz-Carlton’s  Atlanta 
Grill  (659-0400),  Bone’s 
(237-2663)  or  Chops 
(262-2675)  in  Buckhead. 

For fried chicken and Southern comfort trimmings, Atlantans fill up at
The Colonnade (874-5642). Asian and Latino foodies can pick from miles of
authentic eateries on Buford Highway’s “Chambodia” strip.


family  fun  Kids  (and  lots  of 

adults)  love  to  splash  in 
Centennial  Olympic  Park’s 

Fountain  of  Rings.  SciTrek 
Museum  (522-5500)  keeps  idle 
hands  busy  with  150  gadgets  to 
push,  pull,  climb  into  and  stand 
on.  Work  off  excess  energy  at 
Galyan’s  athletic  gear  store 
(267-0200)  on  a  60-foot  indoor 
climbing  wall,  or  at  Stone 


steps  from  the  Georgia  World 
Congress  Center,  Georgia  Dome 
and  Centennial  Olympic  Park. 
In  the  nearby  Peachtree  Center 
office  building  cluster,  The  Ritz- 
Carlton  Atlanta,  Downtown 
(659-0400;  $225-$395);  Atlanta 
Hilton  &  Towers  (659-2000; 
$199-$1,500);  Westin  Peachtree 
Plaza  (659-1400;  $235-$890) 
and  Atlanta  Marriott  Marquis 
(521-0000;  $209-$500)  also 
house  conventioneers  and 
tourists  in  cushy  comfort.  The 
Ritz-Carlton Buckhead (237-2700; $255-$1,500); Swissotel
(365-0065;  $225-$355) 
and  Grand  Hyatt  Atlanta 
(365-8100;  $230-$2,500) 
are  top-drawer  choices  in 
the  Buckhead  corporate 
and  financial  district. 


restaurants Local dining gurus give gold stars
to  Bacchanalia’s  new 
American  cuisine  (365- 
0410),  Antica  Posta’s 
Tuscan  pasta  (262-7112), 
Brasserie  Le  Coze’s  flawless 
French  Provencal  cooking 
(523-0330) and Max Lager’s
American  Grill  and  Brewery 

(525-4400).  Eno  (685-3191) 
stocks  one  of  the  city’s  best 
wine  bars. 

insider’s guide Join Atlantans for a night of dining,
browsing  and  pub-crawling  in 
the  neighborhood  around 
North  Highland  and  Virginia 
Avenues  (Vi-High).  Three  miles 
from  downtown,  this  stretch  is 
packed  with  lively  restaurants, 
bars  and  offbeat  shops.  Lim¬ 
erick  Junction  Pub  (874-7147) 
celebrates  the  Emerald  Isle  with 
rollicking  music.  Surin  of 
Thailand  (892-7789),  Noche  for 
southwestern  cuisine  (815- 
9155),  Mambo  Restaurante 
Cubano  (876-2626)  and 
Fontaine's  Oysterhouse  (872- 
0869)  are  Vi-High  regulars’ 
favorite  eateries. 


museums/theater/music Catch a concert or
musical  at  The  Fox  Theatre, 
a  beautifully  restored  late 
1920s  palace  with  minarets, 
hieroglyphics  and  a  ceiling 
twinkling  with  electric  stars 
(881-2100).  The  High  Museum 
of  Art  (733-4444)  comple¬ 
ments  the  permanent  Amer¬ 
ican,  European,  decorative 
arts,  Southern  folk  art  and 
African  collections  with 
touring  shows. 

calendar  The  Atlanta  Hawks 
(827-3800)  and  Atlanta 
Thrashers  (584-7825)  wind  up 
their  seasons  at  Philips  Arena 
(827-2300),  next  to  the  Georgia 
World  Congress  Center.  The 
Atlanta  Braves  begin  another 
National  League  pennant  chase 
in  early  April  at  Turner  Field, 
south  of  downtown  (522-7630). 


CIO’S  CORNER: 

“Chops, an upscale steak and seafood restaurant in Buckhead, is one of my
favorite places to entertain clients,” says Michael Crawford, national sales
director and head of IT for Primerica, an Atlanta-based national insurance
and financial services corporation. “The food, service and atmosphere always
make a great impression. We also enjoy The Lobster Bar, downstairs from
Chops. Both restaurants are part of the Buckhead Life Restaurant Group, which
also owns Pano’s and Paul’s, 103 West and other excellent restaurants. For
drinks and jazz, we frequently take clients to Carbo's Cafe, a restaurant and
lounge in the Buckhead, with great food, drinks and music.” Crawford
entertains nearly as many guests over the links as he does over dinner and
drinks. “With Atlanta’s terrific year-round weather, we also do a lot of
client business over golf.”


rent  or  buy  Kinko’s  three 

downtown  locations  include 
one  close  to  the  Peachtree 
Center  hotel  district  (221- 
0000).  SST  Computing  (770 
426-0051)  and  Electro  Rent 
(800  688-1111)  will  deliver 
computers  and  scanners  to  your 
hotel.  Need  dry-cleaning  quick? 
Custom  Cleaners  &  Alterations 
(876-2321)  and  Fashion  Care 
(522-0191)  are  near  downtown 
hotels. 


William  Schemmel  is  a  travel  writer 
based  in  the  Atlanta  area. 


don’t  miss 

Lun-Lun and Yang-Yang, two
beautiful giant Chinese pandas who eat bamboo and
sleep  a  lot  while  crowds  of 
humans  ooh  and  aah  around 
their  cushy  habitat  at  Zoo 
Atlanta  in  Grant  Park  (624-5600).  Silverback  mountain  gorillas 
and  orangutans  are  some  of  the  other  star  attractions. 
weather March comes in cool,
windy  and  rainy.  Bring  a  topcoat 
and  sweater,  just  to  be  safe. 
Average  high  temperature:  64°F 
Average  low  temperature:  43°F 
Average  precipitation:  5.6  inches 

other  resources  Crawford 

Long  Hospital  of  Emory 
University  (686-4411)  is  near 
downtown  hotels.  Piedmont 
Hospital  (605-5000)  is  between 
downtown  and  Buckhead.  CVS 
(881-0329  and  351-7629)  has 
24-hour  pharmacies.  Contact 
the  Atlanta  Convention  and 
Visitors  Bureau  (521-6600, 
acvb.com)  for  additional  local 
information. 
The Aquaman Cometh

While  you  were  busy  outsourcing  e-commerce,  this  CIO  was  conquering  the  English  Channel 

BY  MERIDITH  LEVINSON 


“IT WAS SPIRITUALLY AWAKENING for me,” says Henry Eckstein, vice president
and CIO at York Claims Service, a New York City-based insurance claims
provider, of his first experience swimming across the English Channel. “It
made me aware that so much of what I do in life begins with the desire and
the thought. Thinking is the basis of action, and action is the basis of your
success,” says the soft-spoken 53-year-old.

Last summer, Eckstein plowed through swelling, white-capped waves, surged
through 18-mile-per-hour winds, passed super-tankers, battled jellyfish,
staved off hypothermia and ate 24 times on his way from England’s White
Cliffs of Dover to France’s Cap Griz Nez. He crossed the channel in 14 hours
and 24 minutes, covering a total distance of between 30 and 35 miles. (The
actual distance across the channel is 22 miles, but the strong current
prevents swimmers from cutting directly across.)

On the morning of Aug. 24, Eckstein’s boat captain and swim team partner,
Michael Ross, who inspired the Piscean CIO to start long-distance swims,
estimated he could cross it in 12 to 14 hours. Eckstein resolved to traverse
it in 12.

“After six hours I thought, ‘Oh great, I’m halfway there,’” says Eckstein,
who swam wearing a watch along with his goggles, bathing cap and Speedo.
“After nine hours I thought, ‘I’m three-quarters of the way there.’ At 12
hours, I found myself on the crest of a wave and I caught sight of the coast
of France. It was far away. I said to myself, ‘I have a little less than two
morning workouts.’”

After 12 hours of his arms and legs pummeling the 62-degree water, exhaustion
set in. Eckstein shouted through the waves to his crew, “Give me some
encouragement!” They shouted back to him, “Keep swimming!” He also needed
food. He had been consuming a sports drink called Endurox, which his crew
mixed with hot water and tossed over the side of the boat for him at regular
intervals during the swim.

Eckstein says his boat captain wouldn’t let the crew feed him during the
final hour of the swim. If he had taken that last draught of Endurox, he
might not have stormed the beach at Cap Griz Nez. “If you stop,” he says,
“the current will throw the navigation off. The current is so strong that it
carries you against the direction you want to swim. The 30 seconds it takes
to feed is the difference between landing on the beach or having the current
sweep you back out and having to swim for another six hours.”


Senior  Writer  Meridith  Levinson  is  quite  a  swimmer 
as  well.  Tell  her  your  stories  at  mlevinson@cio.com. 

Suggest  future  topics,  and  let  us  know 
what  you  think  about  Life  Science. 

E-mail  us  at  lifescience@cio.com. 
Our e-marketplace solutions have already created more than $16 billion in value for over
950  companies  worldwide.  Hard  dollar,  bottom-line  benefits  from  reducing  cost  of  goods 
sold,  shrinking  inventories,  accelerating  time-to-market  and  creating  new  e-markets.  i2  has 
the  only  B2B  solution  that  incorporates  a  complete  supply  chain  model,  marketplace-to- 
marketplace  support  and  rich  content  management  capabilities.  Value?  Want  some? 
Contact us at www.i2.com or 877-926-9286.


Powering  the  Bottom  Line? 


IN  THIS  SECTION 


Difference Engine

Jonathan Zittrain

Reality Bytes

Megan Santosus

From the Publisher

Gary Beach


Difference  Engine 

The  Social  Impact  of  Technology 


Welcome  to 
Second  Class 

Much  like  airlines  already  do,  Web  merchants  may 
soon  use  personalized  information  to  provide 
different  levels  of  service  and  price 

BY  JONATHAN  ZITTRAIN 

I  PREBOARDED  A  FLIGHT  from  Boston  to  Los  Angeles  as  soon  as  the 
jet-way  door  opened — one  of  the  several  useful  perks  of  first 
class.  Soon  the  rest  of  the  gentry  settled  in  around  me.  As  we 
pushed  back  from  the  gate,  a  flight  attendant  stopped  at  my 
row.  “Mister,  uh,  Barker?”  she  said,  awkwardly  consulting  a 
computer  printout  attached  sideways  to  a  clipboard.  The  man 
next  to  me  nodded.  She  leaned  conspiratorially  close  to  him, 
and  said,  “Just  so  we  don’t  run  out  of  something  you  want, 
I’ll  take  your  dinner  order  now.”  He  went  with  the 
Chateaubriand  and  she  vanished.  Having  been  deprived  of  a 
slightly-better-than-leather  steak  on  earlier  flights,  thanks  to 
the vicissitudes of seat placement even in the first-class cabin, I
stewed anew. Is the airline food selection lottery now loaded?
Did  she  somehow  know  that  I  earned  my  front  cabin  seat 
thanks  only  to  a  frequent-flier  upgrade,  while  Mr.  Barker  paid 
full  price?  Should  I  care,  especially  since  those  in  coach  weren’t 
even  allowed  a  ticket  to  the  decent  food  lottery  up  here? 

Where  the  airlines  are  going  the  Internet  will  follow,  and  with 
it  may  ultimately  go  most  of  our  daily  transactions. 

Here’s  what’s  happening.  First,  as  we  all  know,  merchants  are 
learning  lots  about  us  as  we  surf  the  Net.  We  willingly  part 
with personal information as we fill out order forms and delivery
addresses for CDs or groceries, and, of course, our ZIP
codes  say  a  lot  more  about  us  than  just  where  to  find  us.  In 
addition  to  the  stuff  we  type,  there  are  the  now-classic  mouse 
droppings:  How  long  do  we  linger  on  a  page,  in  microseconds, 
before  we  click  “buy”?  What  are  we  apparently  shopping  for 
but  not  yet  ready  to  buy?  These  sorts  of  questions  can  be 
answered  by  our  very  surfing,  rather  than  by  anything  we 
explicitly seek to tell an online vendor. And yes, thanks to cookies
(or, increasingly, the tracking of IP addresses assigned to individual
computers), websites can recognize us as people who
have  visited  and  developed  a  profile  before. 


This  sort  of  data  collection  has  those  sensitive  to  privacy  up 
in  arms,  but  the  nightmares  they  describe  are  usually  quite  tame. 
Most  revolve  around  a  distaste  for  junk  mail.  With  a  good  sense 
of  my  preferences,  merchants  can  push  advertisements  at  me 
that  I’m  more  likely  to  respond  to,  and  information  vendors  can 
tailor  my  news  to  accord  with  my  projected  interests.  (See 
Andrew  L.  Shapiro’s  insightful  lament  over  personalization, 
“Too  Close  for  Comfort,”  in  the  Aug.  1,  2000,  issue  of  CIO.) 
Still,  this  is  privacy  Armageddon? 

Soaking  the  Rich 

I  suggest  a  separate  vision,  one  that  may  be  more  disturbing  to 
most of us. It involves merchants’ use of our personal information
to provide differential levels of service, or even differential
prices,  to  different  people  for  the  same  product  or  service. 
Airlines  already  sell  their  tickets  to  us  by  name,  and  they’re  not 
transferable.  Thus,  they  can  offer  tickets  for  adjoining  seats  on 
the  same  flight  at  an  array  of  prices,  making  educated  guesses 
about  what  a  particular  customer  is  willing  to  pay.  Last-minute 
business travelers are a lot less price sensitive than students willing
to be flexible about dates and times, and the respective prices
reflect  that.  In  a  latter-day  version  of  Robin  Hood’s  redistributive 
crusades,  executives  on  expense  accounts  are  now  soaked  to 
subsidize  the  travel  of  a  sophomore  on  spring  break. 

But the airlines’ presumptions about the thickness of our wallets
pale in comparison to the wealth of data available on the
Web. Suppose Amazon.com quoted you a different price for a
book than to your next-door neighbor? Indeed, imagine that
everything on the Web were priced with just you in mind.
Buying  a  week’s  worth  of  groceries  can  suddenly  involve  as 
much price variation as buying a car, a project in which a talented
salesperson can extract several thousand dollars more
from  the  rich  (or  foolish)  than  from  the  poor  (or  frugal).  What 
coupons  only  roughly  hinted  at  (those  who  don’t  bother  to 
clip  them  pay  more  for  the  same  products  as  those  who  do), 
the  Web  may  force  outright. 

Of  course,  as  long  as  customers  can  shop  for  a  better  price 
elsewhere,  it  will  be  difficult  for  merchants  to  soak  not  just  the 
rich  and  lazy,  but  also  the  rich  and  frugal.  Yet  that  may  change: 
Even  as  the  Web  has  made  it  easy  to  jump  from  one  site  to  the 
next to compare prices, some merchants are trying to prevent
so-called meta sites like MySimon.com
or Pricescan.com from assembling comprehensive
rosters of prices to allow for
ready comparison. (Indeed, they’re claiming
that the meta sites’ robots are engaged
in cybertrespass as they gather
pricing information.)

Price  isn’t  the  only  variable  at  work. 
There’s  service  too.  Banks  have  long  kept 
notations  on  customers’  records,  grading  them  from,  say,  A  to  C 
on  the  basis  of  how  much  they’re  worth  to  the  bank.  If  a  C 
demands  specialized  attention  from  an  associate,  she  may  have 
to  wait  just  a  bit  longer  than  an  A  and  be  turned  down  on  a 
request  that  would  have  been  granted  instantly  to  a  B. 

How  long  before  brick-and-mortar  stores  start  using  their 
frequent-shopper  cards  and  accounts  to  determine  whom  to 
rush  to  on  the  sales  floor  and  whom  to  politely  ignore?  This 
happens often enough, when the well-dressed shopper is distinguished
from the scruffier one, and many are not offended
at the merchant’s behavior. But at some point a difference in
degree can become a difference in kind, and we will find ourselves
in a world in which we are instantly and pervasively
graded, and treated in accordance with our finely grained economic
rank. A Home Depot, online or off, can become as picky
as  the  bouncer  outside  a  Beverly  Hills  nightclub  where  velvet 
ropes  lift  and  fall  like  a  round  of  London  Bridge. 

Economists  debate  whether  price  discrimination,  and  its 
companion,  service  discrimination,  are  good  things.  Airline 
executives  can  make  a  persuasive  case  that  without  it  there 
would  be  far  fewer  people  who  could  avail  themselves  of  a  flight 
as  prices  converged  to  some  sort  of  average. 

To  be  sure,  the  ability  to  click  comparatively  from  one  site 
to  another  on  the  Web  might  keep  prices  down  for  everyone. 
Jumping  from  Amazon.com  to  Barnesandnoble.com  is  easier 
than  clipping  a  coupon.  But  some  customers  really  are  worse 
than  others;  they  return  products  more  frequently  or  buy  only 
the  underpriced  “loss  leader”  items,  failing  to  return  for  the 




17  8  CIO  MARCH  1,  2001  •  www.cio.com 



other goods in the store for which the loss leaders were intended
as bait. This is a long-acknowledged drawback for business, but
rarely has it been punished, until now. Anecdotal accounts —
derived from the transactions of a student research assistant
who is as frugal as he is sharp — suggest that at least one popular
Web merchant has begun to refuse to deal with people
deemed unprofitable. Their order requests are denied, even
when accompanied with a valid credit card number.

As we hurtle toward a caste system in which each of us
stands to be judged and treated in accordance with our tabulated
station, we should consider: Is it the mere existence of a
grocery store’s long line that annoys us, or the fact that another
line moves faster than ours? Should we tolerate the kind of
thing that is already happening to us in the air as we sort ourselves
among economy, business and first?

The solution may lie in a new sort of public accommodation
doctrine, through which consumers could expect roughly equal
treatment when purchasing the same products or services.
Alternatively, a set of full disclosure rules could require companies
to disclose the range of prices for which a given product
or service is offered and why, not unlike the requirement by
which food manufacturers must list the ingredients on packages.
At the very least, attempts to build architectures that allow ready
price comparison — like Bidder’s Edge or Pricescan.com — should
not be precluded through legal maneuvers.

We are in new territory here, and we’d better think hard and
harmonize expectations early on. If we don’t, we could pay a
hefty price — both literally and figuratively — later on.


Do  you  see  us  heading  toward  economic  discrimination? 
Let  us  know  at  difference@cio.com.  Jonathan  Zittrain  is 
assistant  professor  of  law  and  codirector  of  the  Berkman 
Center  for  Internet  &  Society  at  Harvard  Law  School.  His 
e-mail address is zittrain@law.harvard.edu.


Coming  in  CIO 


Look  for  These  Articles  in  Future  Issues 


Managing Remote IT Workers

Many IT employees work remotely, and often a company’s ability to offer
this option is key to recruitment and retention. But how can CIOs effectively
motivate, evaluate and otherwise manage these workers when daily personal
interaction isn’t part of the scenario? Learn from the experiences of managers
and remote workers who are dealing with this issue.

Asset Management

A CIO who applies good asset management techniques using IT tools
and services could affect practices throughout the company, not just in
the IT department. There’s a lot of old techno-junk out there and the piles
are growing — and more laws and regulations are dictating that people
dispose of this stuff responsibly. Know what you have, whether it’s worth
keeping, and how to get rid of it safely and legally.

10 Steps to Punditry

Gurus are everywhere — from business magazines and the boardrooms,
pundits are sharing their wisdom and charging thousands of dollars in
speaking fees. They spend their days writing books and talking about the
new economy, broadband and the future. How do they do it? Better yet,
how can you? CIO offers 10 easy steps that will make you a successful
source of management enlightenment.

Letting Go

You’ve learned how to recruit and retain IT workers, but how do you fire
them? Experts say that knowing how to fire people correctly is a skill few IT
leaders display or bother to cultivate. Do it the right way and people leave
your organization sad but not enraged. Screw it up and you run the risks of
burning bridges, alienating those who stay and hampering your ability to
make future hires. CIO will help you learn to cope with the personal stress
of letting people go and identify what it takes to fire someone with dignity.
Looking for Mr. Good Tile

Why  don’t  marketplaces  that  traffic  in  service  work? 

Uh...can  we  get  back  to  you  on  that? 

BY  MEGAN  SANTOSUS 

A  LOT  OF  DOTCOMS  are  in  the  business  of  bringing  buyers  and  sellers 
together.  These  electronic  marketplaces  promise  to  ease  the  lives 
of  both  parties  by  facilitating  and  streamlining  the  processes  of 
introduction  and  transaction. 

Generally,  electronic  marketplaces  work  well  when  the  things 
being  bought  and  sold  are  tangible.  Looking  to  off-load  I  Dream 
of  Genie  memorabilia  or  artwork  of  questionable  lineage?  In 
the market for assorted geegaws, gimcracks and whatchamacallits?
Then eBay and the like are where you want to be.
But this happy marketplace model falls flat when the items in
question are services. The reason for that is that most marketplaces
that proffer services today don’t have to compete for customers.
In this overdrive economy, it’s a seller’s market. And
instead  of  making  a  buyer’s  life  easier,  electronic  marketplaces 
that  deal  in  services  often  have  the  opposite  effect;  they’re  clunky, 
time-consuming  and  frustrating. 

Of  course,  I  discovered  this  unpleasant  truth  about  service 
marketplaces  the  hard  way.  For  example,  no  other  category  of 
enterprise  is  as  ripe  for  Internet  streamlining  as  is  the  home 
improvement industry. Try finding a good plumber. (Good
meaning one who returns your phone call within a month and
actually  shows  up  during  the  eight-hour  window  as  promised.) 
Go  ahead,  try.  Unless  you’ve  got  an  in-law  in  the  business  who 
owes  you  a  favor,  chances  are  you  won’t  get  anyone  to  even 
bid  on  a  job  within  six  months. 


No  Help  Wanted 

When  I  settled  into  my  new  home,  I  listed  10  projects  I  wanted 
to  complete  before  paying  off  my  15-year  second  mortgage. 
After  six  months  of  living  amid  stacked  boxes,  bare  walls  and 
a  naked  yard,  I’ve  managed  to  get  exactly  zero  projects  started, 
to  say  nothing  of  contracted.  So  I  turned  to  a  couple  of  home 
improvement websites promising quick responses and accurate
estimates from reliable, prescreened contractors licensed
to  work  right  in  my  neighborhood. 

I  logged  on  to  one  site  and  spent  about  15  minutes  filling  out 


ILLUSTRATION  BY  BORIS  KULIKOV 


four screens of information. I described the tiling I wanted
done in my kitchen, complete with a rough estimate of the
linear feet involved and what I was willing to pay. I fessed up
that I would go higher for anyone who would schedule the
job  before  my  Social  Security  benefits  started  to  roll  in.  I 
pressed  enter  and  was  immediately  cheered  by  a  confident 
reply  promising  that  my  request  would  be  answered  promptly. 

But  before  my  request  was  answered  promptly,  I  received  a 
curt  voice  mail  message  from  Dorothy,  my  own  personal 
“project adviser,” informing me that by submitting a job proposal,
I was duty-bound to abide by the site’s honor system.
Essentially, I was obligated to call any contractor who
responded to my request; if I ended up hiring a contractor
referred  to  me  through  the  site  or  one  I  found  on  my  own,  I 
had  to  let  Dorothy  know. 

Dorothy’s  snippy  tone  made  me  feel  as  if  I’d  already  done 
something  wrong,  like  that  time  in  high  school  I  decided  to 
spend  the  night  in  Manhattan  and  didn’t  call  my  parents 
because I just didn’t feel like it. Barely 24 hours old, my relationship
with this website was already making me feel like a
sulky  adolescent.  I  didn’t  like  Dorothy,  and  I  didn’t  like  having 
to  deal  with  her.  After  all,  isn’t  the  Web  supposed  to  shield  you 
from  having  to  deal  with  unpleasant  tradesfolk  and  their  ilk? 

The  next  day,  I  got  a  curt  e-mail  informing  me  that  the  cost 
estimate  I  provided  was  woefully  low.  I  got  the  impression  that 
Dorothy  felt  I  should’ve  known  better,  even  though  getting  an 
accurate  estimate  was  one  of  the  reasons  I  was  using  the  site  in 
the  first  place. 

During the course of two weeks, a grand total of one contractor
called to express interest in tiling my kitchen. We
scheduled  an  appointment.  He  canceled  at  the  last  minute.  I 
called  him  back  to  reschedule.  I  never  heard  from  him  again. 

I  wouldn’t  have  minded  the  brush-off  so  much  except  that 
Dorothy  kept  peppering  me  with  e-mails,  reminding  me  of 
my  moral  obligation  to  keep  her  informed  on  the  status  of 
my  project  and  urging  me  to  deal  with  contractors  referred  to 
me  through  the  site  in  a  forthright  and  equitable  manner.  I 
e-mailed  back  that  I  was  disappointed  with  the  service.  The 
number-one  criteria  on  my  initial  request  was  reliability, 
I explained, and the one and only guy who responded — supposedly
prescreened — demonstrated an utter lack of it.


Dorothy’s  response?  The  site  would  remind  the  contractor 
of  his  obligations.  (Ooh,  a  reminder.  That’ll  make  him  change 
his evil ways.) And, by the way, if I ended up hiring a contractor
on my own who proved to be reliable, she’d appreciate it
if  I  could  let  her  know  so  that  the  site  could  sign  him  up. 

Now  the  burden  of  finding  reliable  contractors  had  been 
shifted  to  me.  Now  I  was  being  asked  to  work  for  a  website  I 
found  totally  unhelpful  and  even  annoying. 

Unluckily  for  Dorothy,  locating  good  help  in  the  home 
improvement  area  is  not  my  forte.  (Nor  apparently  is  it  the 
forte  of  the  company  she  works  for.)  So,  hopeless  optimist 
that I am, I opted to try another home improvement website
advertised in my local paper.

I  went  through  a  similar  process.  I 
spent  15  minutes  filling  out  information 
including  my  name,  address,  project 
description  and  hoped-for  budget.  I  was 
again  encouraged  by  a  cheery  message 
telling  me  I  could  expect  a  response 
within  a  few  days. 

One  week  went  by.  Then  three.  Then 
I  got  a  voice  mail  message.  Unfortunately,  the  service  didn’t 
have  any  tile  guys  working  in  my  area — although  that  didn’t 
stop  it  from  advertising  to  that  effect  in  my  local  paper.  In  the 
future,  the  site  did  plan  to  expand  its  coverage  to  my  neck  of 
the  woods.  At  that  time,  perhaps  I’d  be  willing  to  give  them 
another  try? 

The  Party  of  the  Third  Part 

Let’s  see.  I  can  spend  15  minutes  filling  out  a  few  screens  worth 
of  information,  or  I  can  flip  through  the  phone  book,  pick 
out  a  contractor  at  random  and  spend  20  seconds  leaving  a 
voice  mail  message.  The  end  result  of  either  effort  is  that  I  still 
don’t have anyone to tile my backsplash. And that’s the problem
inherent with service marketplaces: The people they try
to  hook  you  up  with  don’t  work  for  them.  Therefore,  there’s 
no  redress  if  the  people  they  hook  you  up  with  turn  out  to  be 
unreliable.  It’s  not  as  if  the  website  can  fire  them.  And  why 
would a good service provider need to use a third-party website
to get referrals anyway? If it’s good, word of mouth is the
only  advertising  it  needs. 

What’s  a  homeowner  sitting  in  a  shell  of  a  house  to  do?  The 
sanest  strategy  may  be  to  sit  tight  and  wait  until  the  demand 
for projects falls in line with the supply of home improvement
contractors. Then we can turn to the Yellow
Pages and let our fingers do the walking for
contractors. Reliable ones, only, of course.


If  you  or  anyone  you  know  can  lay  a  little  tile,  let  Senior 
Editor  Megan  Santosus  know  at  santosus@cio.com. 




PHOTO  BY  LESLIE  FEAGLEY 


Opinion 


From  the  Publisher 

gbeach@cio.com 


Join  the  Club 

“I  THINK  THERE  is  a  world  market  for  maybe  five  computers.”  So  said 
Thomas  Watson  Sr.  forecasting  future  sales  for  International 
Business  Machines  large-scale  computers  in  1943. 

OK,  the  guy  was  off  by  a  few  hundred  million.  But  the 
world  of  technology  remains  fascinated  by  the  future.  What’s 
hot? What’s not? Wall Street gurus make millions trying to predict
it. What if you were able to peer into the future of technology
spending for the next 12 months and know what the
buying trends are for the total market and your specific industry?
Would that interest you?

The Way IT Was

Technology Growth Index℠, Aug. 2000-Jan. 2001: Since August 2000,
the index—based on U.S. technology spending—has dropped from
104 to 102.1.
CIO magazine and Deutsche Bank Securities think so. Since
June  2000,  we  have  been  quietly  building  an  influential  body 
named  the  CIO  Leading  Indicator  Group.  The  goal  of  the  group 
is  simple:  Predict  technology  buying  trends  for  the  next  12 
months. This is a topic the press writes about as the driving
force in the “new” new economy. With nine pretests completed
based  on  more  than  1,000  responses,  we  are  confident  our 
index — the  Technology  Growth  Index  (TGI) — is  an  accurate 
predictor  of  future  technology  spending  trends. 

I  can  hear  all  the  readers  of  this  column  asking,  “Sounds 
interesting,  but  what  do  I  have  to  do  and  what  do  I  get  out  of 
it?”  Fair  questions.  Membership  in  the  CIO  Leading  Indicator 
Group is limited to either CIOs or the senior-most IT executives
at their companies. And there’s only one membership
responsibility:  monthly  completion  of  a  nonobtrusive  survey 
that  takes  at  most  five  minutes  to  complete.  The  survey  will 
always  be  e-mailed  midmonth,  and  the  results  will  be  released 
on  the  first  of  every  month.  All  data  is  gathered  and  reported  in 
total.  No  specific  companies  will  be  mentioned. 

Membership  privileges  will  include  the  opportunity  to  get 
detailed,  drill-down  data  by  total  and  specific  industry.  This 
will  be  of  enormous  value  in  helping  you  negotiate  budget 
processes  with  your  other  “O”  colleagues  and  get  an  even  better 
deal from a vendor if the data shows the demand curve is slackening.
In addition, membership will include a monthly conference
call explaining survey data hosted by Edward Yardeni,
chief  investment  strategist  of  Deutsche  Bank  Securities,  and 
myself  or  Abbie  Lundberg,  editor  in  chief  of  CIO.  Lastly,  CIO 
and  Deutsche  Bank  Securities  also  plan  to  host  a  private  full-day 
analyst  briefing  session  once  a  year  in  New  York  City,  open 
solely  to  the  members  of  the  prestigious  CIO  Leading  Indicator 
Group.  Plans  are  also  being  completed  to  extend  membership  in 
the  group  to  senior  technology  executives  around  the  world. 

Let’s look into the future together. To join, e-mail me
(gbeach@cio.com) or Bridget Cammarata (bridgetc@cxo.com),
CXO Media’s research director.
we’re living in a world with opportunity to change things. There's excitement in the
ability to do something for the world. A hundred years
ago, I probably would have been a farmer.”

Mathaisel has pursued many opportunities to affect

to his level.”

Mathaisel thrives on those types of conversations with his peers, but he doesn't get
as much time for it as he’d like. Solectron is growing at the rate of 50 percent a year,
with 500 of its 65,000 employees working in IT. Mathaisel’s corporate group of 135
IT staffers coordinates policy, directions and standards, and ensures smooth interaction
between the company’s 57 locations. -Sandy Kendall
Interview


BY  STEWART  DECK 


DITCHFIELD 


Thirty  years  after  a  tour  of  duty  in  the  U.S. 
Navy,  Allan  Ditchfield  still  stands  yardstick 
straight  and  speaks  with  authority.  Now  an 
independent  systems  consultant  and  director 
of  two  Internet  startups,  he  served  as  acting 
CEO  at  Allenbrook,  an  insurance  software 
company  in  Lowell,  Mass.,  after  seven  years 
as CIO at Cleveland-based Progressive Insurance.
Before that he was senior vice president
of systems engineering at MCI. Ditchfield
recently wrote a speech he calls “What
I  Wish  I  Knew  Earlier  in  My  CIO  Career” 
and  shared  some  of  his  thoughts  with  CIO. 

CIO:  What  are  some  lessons  experience  has 
taught  you  that  you  can  now  pass  along? 
Ditchfield: First, project management is vital.
I didn’t learn this early on, but it is perhaps
the most important. In the past, I didn’t plan
things well and left out major work elements.
I once built a billing system with microfiche
output but forgot to include the microfiche
readers. If you’ve done a reasonably comprehensive
plan from your side and from the
user side, something like that will stick out.

Be aware that managing change is crucial
to good project management. Manage expectations
so that people understand something
may cost more or that you need to shorten
functional lists. Do this for the project group
and sometimes for the whole corporation so
that people don’t say, “They always make
promises, but they never deliver.”

What  else  have  you  learned? 

People  are  important,  especially  the  smart 
ones.  Work  hard  to  find  employees  with  the 
right  background,  attitude,  hunger  and 
energy.  Then  challenge  them  while  making 
sure  you  provide  time  for  R&R  too.  Give 
tangible  evidence  that  indicates  you  believe 
people  are  an  important  resource. 

When building teams, start small. With
the right energy a small team can either solve
a problem or get more resources, while too-large
teams flounder. Next, some “important”
subjects waste disproportionate time.
Long discussions about overarching goals
or vision statements won’t necessarily give
you a lot back. I’ve also learned to be careful
with high-tech fads. The press and all of
us technologists love fads (like the latest
PDA), but they can have real productivity
and cost problems.

So,  what  advice  do  you  give  CIOs? 

Plan and manage expectations. Initiate and
accept business challenges. Think before
pioneering with new technology, because
pioneering can be expensive. Borrow ideas
from anywhere, including competitors.
Finally, keep your integrity; be open and
fully disclose everything in advance —
lunches with vendors, honoraria, trips,
everything. Being forthright is always the
best way to operate.

Staff  Writer  Stewart  Deck  wants  to  hear  what  you've 
learned  from  your  career  experiences.  E-mail  him 
at  sdeck@cio.com. 
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OUR STATE-OF-THE-ART TOOLS WILL HELP YOU GET FROM HERE TO THERE.
NO MATTER WHERE HERE IS. NO MATTER WHERE THERE IS.


DEDICATED HOSTING

Many of the world’s high-profile and high-volume
web sites depend on PSINet.

MANAGED SERVICES

PSINet can cost-effectively extend your network
globally and provide up-to-the-minute security.

E-COMMERCE

PSINet is the leading provider of e-commerce and
Internet solutions to businesses worldwide.

TRANSACTION SOLUTIONS

Handling more than 19 million transactions daily,
PSINet is the leading transaction processing provider.

CONSULTING SOLUTIONS

PSINet makes your systems all work together with
flexible, end-to-end IT solutions.


All  you  need  is  a  vision.  As  long  as  you  aggressively  pursue  that  vision 
with  a  customized  set  of  Internet  tools  from  PSINet,  designed  specifically 
for  your  business. 

Our  global  dedicated  hosting  services  provide  a  turnkey  solution  for 
outsourcing  your  Web  applications.  Our  full  range  of  managed  services  and 
products  will  help  you  achieve  peak  performance.  As  the  world’s  leading 
provider  of  e-commerce  and  transaction  processing  solutions,  we’ll  give  your 
company  global  reach.  And  to  keep  all  your  systems  working  together,  tap 
into  the  expertise  of  our  IT  consulting  solutions. 

That  makes  PSINet  the  only  source  you’ll  need,  no  matter  how  big  you 
are  or  how  big  you  plan  to  get. 




Call 1-800-395-1150 or visit www.psinet.com


PSINet 

THE  INTERNET  SUPER  CARRIER 


©  2000  PSINet  Inc.  The  PSINet  logo  is  a  trademark  of  PSINet  Inc. 
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Strength  and  stability  of  a  company  that  has  endured  many  seasons  is 

a  must.  Fourteen  years  of  experience  and  the  respect  of  companies  worldwide  have  made 
Kingston®  the  most  trusted  name  in  memory.  Kingston  has  cultivated  strong  partnerships  with 
top  semiconductor  companies  and  has  established  five  strategically  positioned  manufacturing  facilities  around  the  globe  to  support  the  world’s 
growing  need  for  memory.  Our  success  has  grown  out  of  a  deeply  rooted  commitment  to  product  quality.  By  using  only  quality  components, 
we  can  offer  outstanding  performance  at  a  competitive  price.  But  above  all,  we  deliver  reliability.  With  Kingston  products,  you  get  it  all  — 
and  a  lifetime  warranty.  Depend  on  Kingston  for  all  your  memory  needs  and  to  be  there  for  seasons  to  come.  For  more  information, 
visit  our  website  at  www.kingston.com  or  call  us  at  (800)  259-9405. 

Computing  Without  Limits* 


17600 Newhope Street, Fountain Valley, CA 92708 USA (714) 435-2600 Fax (714) 435-2699. © 2001 Kingston Technology Company, Inc.
All  rights  reserved.  All  trademarks  and  registered  trademarks  are  the  property  of  their  respective  owners. 
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